VirtualBox

Ticket #19162: VBoxHardening.log

File VBoxHardening.log, 175.8 KB (added by superneftegaz, 5 years ago)
Line 
12584.1660: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000070 g_uNtVerCombined=0xa0456300
22584.1660: \SystemRoot\System32\ntdll.dll:
32584.1660: CreationTime: 2019-10-26T06:25:21.218613600Z
42584.1660: LastWriteTime: 2019-10-26T06:25:21.374772900Z
52584.1660: ChangeTime: 2019-12-10T18:28:32.715327900Z
62584.1660: FileAttributes: 0x20
72584.1660: Size: 0x1e70e0
82584.1660: NT Headers: 0xe0
92584.1660: Timestamp: 0x1f1a0210
102584.1660: Machine: 0x8664 - amd64
112584.1660: Timestamp: 0x1f1a0210
122584.1660: Image Version: 10.0
132584.1660: SizeOfImage: 0x1ed000 (2019328)
142584.1660: Resource Dir: 0x17d000 LB 0x6eb48
152584.1660: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162584.1660: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172584.1660: ProductName: Microsoft® Windows® Operating System
182584.1660: ProductVersion: 10.0.17763.831
192584.1660: FileVersion: 10.0.17763.831 (WinBuild.160101.0800)
202584.1660: FileDescription: NT Layer DLL
212584.1660: \SystemRoot\System32\kernel32.dll:
222584.1660: CreationTime: 2019-05-21T15:18:15.716327300Z
232584.1660: LastWriteTime: 2019-05-21T15:18:15.747064300Z
242584.1660: ChangeTime: 2019-12-10T18:28:32.668445800Z
252584.1660: FileAttributes: 0x20
262584.1660: Size: 0xb12c0
272584.1660: NT Headers: 0xe8
282584.1660: Timestamp: 0x250a0626
292584.1660: Machine: 0x8664 - amd64
302584.1660: Timestamp: 0x250a0626
312584.1660: Image Version: 10.0
322584.1660: SizeOfImage: 0xb3000 (733184)
332584.1660: Resource Dir: 0xb1000 LB 0x520
342584.1660: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352584.1660: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362584.1660: ProductName: Microsoft® Windows® Operating System
372584.1660: ProductVersion: 10.0.17763.475
382584.1660: FileVersion: 10.0.17763.475 (WinBuild.160101.0800)
392584.1660: FileDescription: Windows NT BASE API Client DLL
402584.1660: \SystemRoot\System32\KernelBase.dll:
412584.1660: CreationTime: 2019-12-10T18:26:48.543167600Z
422584.1660: LastWriteTime: 2019-12-10T18:26:48.777623900Z
432584.1660: ChangeTime: 2019-12-10T19:01:12.208613700Z
442584.1660: FileAttributes: 0x20
452584.1660: Size: 0x2931f8
462584.1660: NT Headers: 0xf8
472584.1660: Timestamp: 0xfb6790ac
482584.1660: Machine: 0x8664 - amd64
492584.1660: Timestamp: 0xfb6790ac
502584.1660: Image Version: 10.0
512584.1660: SizeOfImage: 0x293000 (2699264)
522584.1660: Resource Dir: 0x26f000 LB 0x548
532584.1660: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542584.1660: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552584.1660: ProductName: Microsoft® Windows® Operating System
562584.1660: ProductVersion: 10.0.17763.914
572584.1660: FileVersion: 10.0.17763.914 (WinBuild.160101.0800)
582584.1660: FileDescription: Windows NT BASE API Client DLL
592584.1660: \SystemRoot\System32\apisetschema.dll:
602584.1660: CreationTime: 2018-09-15T07:28:25.403122600Z
612584.1660: LastWriteTime: 2018-09-15T07:28:25.403122600Z
622584.1660: ChangeTime: 2019-08-01T13:38:31.956025100Z
632584.1660: FileAttributes: 0x20
642584.1660: Size: 0x1c738
652584.1660: NT Headers: 0xd0
662584.1660: Timestamp: 0x33775897
672584.1660: Machine: 0x8664 - amd64
682584.1660: Timestamp: 0x33775897
692584.1660: Image Version: 10.0
702584.1660: SizeOfImage: 0x1d000 (118784)
712584.1660: Resource Dir: 0x1c000 LB 0x408
722584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732584.1660: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742584.1660: ProductName: Microsoft® Windows® Operating System
752584.1660: ProductVersion: 10.0.17763.1
762584.1660: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
772584.1660: FileDescription: ApiSet Schema DLL
782584.1660: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792584.1660: supR3HardenedWinFindAdversaries: 0x40
802584.1660: \SystemRoot\System32\drivers\klflt.sys:
812584.1660: CreationTime: 2019-08-05T11:58:31.714327500Z
822584.1660: LastWriteTime: 2019-10-31T09:59:01.548529300Z
832584.1660: ChangeTime: 2019-10-31T09:59:01.548529300Z
842584.1660: FileAttributes: 0x20
852584.1660: Size: 0x3d678
862584.1660: NT Headers: 0x100
872584.1660: Timestamp: 0xddaa7cbc
882584.1660: Machine: 0x8664 - amd64
892584.1660: Timestamp: 0xddaa7cbc
902584.1660: Image Version: 6.1
912584.1660: SizeOfImage: 0x4a000 (303104)
922584.1660: Resource Dir: 0x47000 LB 0x418
932584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
942584.1660: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
952584.1660: ProductName: Coretech Delivery
962584.1660: ProductVersion: 30.112.90.0
972584.1660: FileVersion: 30.112.90.0
982584.1660: FileDescription: Filter Core [fre_win7_amd64]
992584.1660: \SystemRoot\System32\drivers\klif.sys:
1002584.1660: CreationTime: 2019-08-05T11:58:31.848799700Z
1012584.1660: LastWriteTime: 2019-10-31T09:59:01.803543200Z
1022584.1660: ChangeTime: 2019-10-31T09:59:01.803543200Z
1032584.1660: FileAttributes: 0x20
1042584.1660: Size: 0xf3a80
1052584.1660: NT Headers: 0xf8
1062584.1660: Timestamp: 0x5da6282c
1072584.1660: Machine: 0x8664 - amd64
1082584.1660: Timestamp: 0x5da6282c
1092584.1660: Image Version: 6.1
1102584.1660: SizeOfImage: 0xf4000 (999424)
1112584.1660: Resource Dir: 0xeb000 LB 0x33f8
1122584.1660: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
1132584.1660: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)]
1142584.1660: ProductName: Coretech Delivery
1152584.1660: ProductVersion: 30.112.90.0
1162584.1660: FileVersion: 30.112.90.0
1172584.1660: FileDescription: Core System Interceptors [fre_win7_amd64]
1182584.1660: \SystemRoot\System32\drivers\klim6.sys:
1192584.1660: CreationTime: 2019-03-19T02:21:06.000000000Z
1202584.1660: LastWriteTime: 2019-03-19T02:21:06.000000000Z
1212584.1660: ChangeTime: 2019-08-05T11:59:15.443759300Z
1222584.1660: FileAttributes: 0x20
1232584.1660: Size: 0xe350
1242584.1660: NT Headers: 0xe0
1252584.1660: Timestamp: 0x54ad405e
1262584.1660: Machine: 0x8664 - amd64
1272584.1660: Timestamp: 0x54ad405e
1282584.1660: Image Version: 6.1
1292584.1660: SizeOfImage: 0xb000 (45056)
1302584.1660: Resource Dir: 0x9000 LB 0x430
1312584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1322584.1660: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
1332584.1660: ProductName: Coretech Delivery
1342584.1660: ProductVersion: 30.0.3724.0
1352584.1660: FileVersion: 30.0.3724.0
1362584.1660: FileDescription: Packet Network Filter [fre_win7_amd64]
1372584.1660: \SystemRoot\System32\drivers\klkbdflt.sys:
1382584.1660: CreationTime: 2019-03-17T21:11:30.000000000Z
1392584.1660: LastWriteTime: 2019-03-17T21:11:30.000000000Z
1402584.1660: ChangeTime: 2019-08-05T11:59:11.806205900Z
1412584.1660: FileAttributes: 0x20
1422584.1660: Size: 0x13550
1432584.1660: NT Headers: 0xf8
1442584.1660: Timestamp: 0x79cc11d7
1452584.1660: Machine: 0x8664 - amd64
1462584.1660: Timestamp: 0x79cc11d7
1472584.1660: Image Version: 6.1
1482584.1660: SizeOfImage: 0x12000 (73728)
1492584.1660: Resource Dir: 0x10000 LB 0x438
1502584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1512584.1660: [Raw version resource data: 0x10060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
1522584.1660: ProductName: Coretech Delivery
1532584.1660: ProductVersion: 30.0.3716.0
1542584.1660: FileVersion: 30.0.3716.0
1552584.1660: FileDescription: Keyboard Device Filter [fre_win7_amd64]
1562584.1660: \SystemRoot\System32\drivers\klmouflt.sys:
1572584.1660: CreationTime: 2019-03-17T20:50:34.000000000Z
1582584.1660: LastWriteTime: 2019-03-17T20:50:34.000000000Z
1592584.1660: ChangeTime: 2019-08-05T11:59:11.843009100Z
1602584.1660: FileAttributes: 0x20
1612584.1660: Size: 0xe878
1622584.1660: NT Headers: 0xe8
1632584.1660: Timestamp: 0xab7b625
1642584.1660: Machine: 0x8664 - amd64
1652584.1660: Timestamp: 0xab7b625
1662584.1660: Image Version: 6.1
1672584.1660: SizeOfImage: 0xe000 (57344)
1682584.1660: Resource Dir: 0xc000 LB 0x430
1692584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1702584.1660: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
1712584.1660: ProductName: Coretech Delivery
1722584.1660: ProductVersion: 30.0.3716.0
1732584.1660: FileVersion: 30.0.3716.0
1742584.1660: FileDescription: Mouse Device Filter [fre_win7_amd64]
1752584.1660: \SystemRoot\System32\drivers\kneps.sys:
1762584.1660: CreationTime: 2019-03-18T21:31:38.000000000Z
1772584.1660: LastWriteTime: 2019-03-18T21:31:38.000000000Z
1782584.1660: ChangeTime: 2019-08-05T11:59:10.794405100Z
1792584.1660: FileAttributes: 0x20
1802584.1660: Size: 0x38b50
1812584.1660: NT Headers: 0x108
1822584.1660: Timestamp: 0x7aa255dc
1832584.1660: Machine: 0x8664 - amd64
1842584.1660: Timestamp: 0x7aa255dc
1852584.1660: Image Version: 6.1
1862584.1660: SizeOfImage: 0x38000 (229376)
1872584.1660: Resource Dir: 0x35000 LB 0x428
1882584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1892584.1660: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
1902584.1660: ProductName: Coretech Delivery
1912584.1660: ProductVersion: 30.0.3731.0
1922584.1660: FileVersion: 30.0.3731.0
1932584.1660: FileDescription: Network Processor [fre_win7_amd64]
1942584.1660: \SystemRoot\System32\klfphc.dll:
1952584.1660: CreationTime: 2019-08-05T11:59:09.424175900Z
1962584.1660: LastWriteTime: 2013-05-06T03:13:26.000000000Z
1972584.1660: ChangeTime: 2019-08-05T11:58:46.331052700Z
1982584.1660: FileAttributes: 0x20
1992584.1660: Size: 0x1ae60
2002584.1660: NT Headers: 0xe8
2012584.1660: Timestamp: 0x51873bf2
2022584.1660: Machine: 0x8664 - amd64
2032584.1660: Timestamp: 0x51873bf2
2042584.1660: Image Version: 0.0
2052584.1660: SizeOfImage: 0x1d000 (118784)
2062584.1660: Resource Dir: 0x18000 LB 0x3c80
2072584.1660: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
2082584.1660: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
2092584.1660: ProductName: Kaspersky™ Anti-Virus ®
2102584.1660: ProductVersion: 1.0.0.12
2112584.1660: FileVersion: 1.0.0.12
2122584.1660: FileDescription: Filtering Platform Helper Class
2132584.1660: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2142584.1660: Calling main()
2152584.1660: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
2162584.1660: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2172584.1660: SUPR3HardenedMain: Respawn #1
2182584.1660: System32: \Device\HarddiskVolume2\Windows\System32
2192584.1660: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
2202584.1660: KnownDllPath: C:\Windows\System32
2212584.1660: supR3HardenedWinInit: Performing a limited self purification...
2222584.1660: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
2232584.1660: *0000000000000000-0000000000aeffff 0x0001/0x0000 0x0000000
2242584.1660: *0000000000af0000-0000000000afffff 0x0004/0x0004 0x0040000
2252584.1660: 0000000000b00000-0000000000b0ffff 0x0001/0x0000 0x0000000
2262584.1660: *0000000000b10000-0000000000b29fff 0x0002/0x0002 0x0040000
2272584.1660: 0000000000b2a000-0000000000b2ffff 0x0001/0x0000 0x0000000
2282584.1660: *0000000000b30000-0000000000b33fff 0x0002/0x0002 0x0040000
2292584.1660: 0000000000b34000-0000000000b3ffff 0x0001/0x0000 0x0000000
2302584.1660: *0000000000b40000-0000000000b41fff 0x0004/0x0004 0x0020000
2312584.1660: 0000000000b42000-0000000000b4ffff 0x0001/0x0000 0x0000000
2322584.1660: *0000000000b50000-0000000000b51fff 0x0004/0x0004 0x0020000
2332584.1660: 0000000000b52000-0000000000b69fff 0x0000/0x0004 0x0020000
2342584.1660: 0000000000b6a000-0000000000bfffff 0x0001/0x0000 0x0000000
2352584.1660: *0000000000c00000-0000000000daafff 0x0000/0x0004 0x0020000
2362584.1660: 0000000000dab000-0000000000dadfff 0x0004/0x0004 0x0020000
2372584.1660: 0000000000dae000-0000000000dfffff 0x0000/0x0004 0x0020000
2382584.1660: *0000000000e00000-0000000000eb0fff 0x0000/0x0004 0x0020000
2392584.1660: 0000000000eb1000-0000000000eb3fff 0x0104/0x0004 0x0020000
2402584.1660: 0000000000eb4000-0000000000efffff 0x0004/0x0004 0x0020000
2412584.1660: *0000000000f00000-0000000000fc4fff 0x0002/0x0002 0x0040000
2422584.1660: 0000000000fc5000-0000000000fcffff 0x0001/0x0000 0x0000000
2432584.1660: *0000000000fd0000-0000000000fecfff 0x0004/0x0004 0x0020000
2442584.1660: 0000000000fed000-00000000010cffff 0x0000/0x0004 0x0020000
2452584.1660: 00000000010d0000-00000000010dffff 0x0001/0x0000 0x0000000
2462584.1660: *00000000010e0000-00000000010e4fff 0x0004/0x0004 0x0020000
2472584.1660: 00000000010e5000-00000000011dffff 0x0000/0x0004 0x0020000
2482584.1660: 00000000011e0000-000000000139ffff 0x0001/0x0000 0x0000000
2492584.1660: *00000000013a0000-00000000013aefff 0x0004/0x0004 0x0020000
2502584.1660: 00000000013af000-00000000013affff 0x0000/0x0004 0x0020000
2512584.1660: *00000000013b0000-00000000013b5fff 0x0000/0x0004 0x0020000
2522584.1660: 00000000013b6000-00000000015a3fff 0x0004/0x0004 0x0020000
2532584.1660: 00000000015a4000-00000000015a4fff 0x0000/0x0004 0x0020000
2542584.1660: 00000000015a5000-000000007ffdffff 0x0001/0x0000 0x0000000
2552584.1660: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2562584.1660: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
2572584.1660: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
2582584.1660: 000000007ffe6000-00007ff4e20dffff 0x0001/0x0000 0x0000000
2592584.1660: *00007ff4e20e0000-00007ff4e20e4fff 0x0002/0x0002 0x0040000
2602584.1660: 00007ff4e20e5000-00007ff4e21dffff 0x0000/0x0002 0x0040000
2612584.1660: *00007ff4e21e0000-00007ff5e21fffff 0x0000/0x0004 0x0020000
2622584.1660: *00007ff5e2200000-00007ff5e41fffff 0x0000/0x0004 0x0020000
2632584.1660: 00007ff5e4200000-00007ff5e4200fff 0x0004/0x0004 0x0020000
2642584.1660: 00007ff5e4201000-00007ff5e420ffff 0x0001/0x0000 0x0000000
2652584.1660: *00007ff5e4210000-00007ff5e4210fff 0x0002/0x0002 0x0040000
2662584.1660: 00007ff5e4211000-00007ff5e421ffff 0x0001/0x0000 0x0000000
2672584.1660: *00007ff5e4220000-00007ff5e4242fff 0x0002/0x0002 0x0040000
2682584.1660: 00007ff5e4243000-00007ff74df7ffff 0x0001/0x0000 0x0000000
2692584.1660: *00007ff74df80000-00007ff74df80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2702584.1660: 00007ff74df81000-00007ff74dff5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2712584.1660: 00007ff74dff6000-00007ff74dff6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2722584.1660: 00007ff74dff7000-00007ff74e03efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2732584.1660: 00007ff74e03f000-00007ff74e041fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2742584.1660: 00007ff74e042000-00007ff74e044fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2752584.1660: 00007ff74e045000-00007ff74e047fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2762584.1660: 00007ff74e048000-00007ff74e048fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2772584.1660: 00007ff74e049000-00007ff74e04afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2782584.1660: 00007ff74e04b000-00007ff74e04bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2792584.1660: 00007ff74e04c000-00007ff74e094fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2802584.1660: 00007ff74e095000-00007ff82aa7ffff 0x0001/0x0000 0x0000000
2812584.1660: *00007ff82aa80000-00007ff82aa80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2822584.1660: 00007ff82aa81000-00007ff82ab83fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2832584.1660: 00007ff82ab84000-00007ff82acd9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2842584.1660: 00007ff82acda000-00007ff82acddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2852584.1660: 00007ff82acde000-00007ff82acdefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2862584.1660: 00007ff82acdf000-00007ff82ad12fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2872584.1660: 00007ff82ad13000-00007ff82ddbffff 0x0001/0x0000 0x0000000
2882584.1660: *00007ff82ddc0000-00007ff82ddc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2892584.1660: 00007ff82ddc1000-00007ff82de36fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2902584.1660: 00007ff82de37000-00007ff82de68fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2912584.1660: 00007ff82de69000-00007ff82de69fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2922584.1660: 00007ff82de6a000-00007ff82de6afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2932584.1660: 00007ff82de6b000-00007ff82de72fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2942584.1660: 00007ff82de73000-00007ff82e6bffff 0x0001/0x0000 0x0000000
2952584.1660: *00007ff82e6c0000-00007ff82e6c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2962584.1660: 00007ff82e6c1000-00007ff82e7d7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2972584.1660: 00007ff82e7d8000-00007ff82e81efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2982584.1660: 00007ff82e81f000-00007ff82e81ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2992584.1660: 00007ff82e820000-00007ff82e821fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3002584.1660: 00007ff82e822000-00007ff82e829fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3012584.1660: 00007ff82e82a000-00007ff82e8acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3022584.1660: 00007ff82e8ad000-00007ffffffeffff 0x0001/0x0000 0x0000000
3032584.1660: kernel32.dll: timestamp 0x250a0626 (rc=VINF_SUCCESS)
3042584.1660: kernelbase.dll: timestamp 0xfb6790ac (rc=VINF_SUCCESS)
3052584.1660: VirtualBoxVM.exe: timestamp 0x5d9f7c37 (rc=VINF_SUCCESS)
3062584.1660: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3072584.1660: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3082584.1660: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
3092584.1660: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3102584.1660: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3112584.1660: supR3HardNtEnableThreadCreationEx:
3122584.1660: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff82e735660 pvNtTerminateThread=00007ff82e7601b0
3132584.1660: supR3HardenedWinDoReSpawn(1): New child 2bf0.74c [kernel32].
3142584.1660: supR3HardNtChildGatherData: PebBaseAddress=00000000009ea000 cbPeb=0x388
3152584.1660: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff82e6c0000 uNtDllChildAddr=00007ff82e6c0000
3162584.1660: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff82e735660
3172584.1660: supR3HardenedWinSetupChildInit: Start child.
3182584.1660: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3192584.1660: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 32 sleeps
3202584.1660: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3212584.1660: *0000000000000000-00000000006dffff 0x0001/0x0000 0x0000000
3222584.1660: *00000000006e0000-00000000006fffff 0x0004/0x0004 0x0020000
3232584.1660: *0000000000700000-0000000000719fff 0x0002/0x0002 0x0040000
3242584.1660: 000000000071a000-000000000071ffff 0x0001/0x0000 0x0000000
3252584.1660: *0000000000720000-0000000000723fff 0x0002/0x0002 0x0040000
3262584.1660: 0000000000724000-000000000072ffff 0x0001/0x0000 0x0000000
3272584.1660: *0000000000730000-0000000000731fff 0x0004/0x0004 0x0020000
3282584.1660: 0000000000732000-00000000007fffff 0x0001/0x0000 0x0000000
3292584.1660: *0000000000800000-00000000009e9fff 0x0000/0x0004 0x0020000
3302584.1660: 00000000009ea000-00000000009ecfff 0x0004/0x0004 0x0020000
3312584.1660: 00000000009ed000-00000000009fffff 0x0000/0x0004 0x0020000
3322584.1660: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
3332584.1660: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
3342584.1660: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
3352584.1660: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
3362584.1660: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3372584.1660: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
3382584.1660: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
3392584.1660: 000000007ffe6000-00007ff58fa9ffff 0x0001/0x0000 0x0000000
3402584.1660: *00007ff58faa0000-00007ff58faa0fff 0x0002/0x0002 0x0040000
3412584.1660: 00007ff58faa1000-00007ff58faaffff 0x0001/0x0000 0x0000000
3422584.1660: *00007ff58fab0000-00007ff58fad2fff 0x0002/0x0002 0x0040000
3432584.1660: 00007ff58fad3000-00007ff74df7ffff 0x0001/0x0000 0x0000000
3442584.1660: *00007ff74df80000-00007ff74df80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3452584.1660: 00007ff74df81000-00007ff74dff5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3462584.1660: 00007ff74dff6000-00007ff74dff6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3472584.1660: 00007ff74dff7000-00007ff74e03efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3482584.1660: 00007ff74e03f000-00007ff74e03ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3492584.1660: 00007ff74e040000-00007ff74e040fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3502584.1660: 00007ff74e041000-00007ff74e045fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3512584.1660: 00007ff74e046000-00007ff74e046fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3522584.1660: 00007ff74e047000-00007ff74e047fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3532584.1660: 00007ff74e048000-00007ff74e04bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3542584.1660: 00007ff74e04c000-00007ff74e094fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3552584.1660: 00007ff74e095000-00007ff82e6bffff 0x0001/0x0000 0x0000000
3562584.1660: *00007ff82e6c0000-00007ff82e6c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3572584.1660: 00007ff82e6c1000-00007ff82e7d7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3582584.1660: 00007ff82e7d8000-00007ff82e81efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3592584.1660: 00007ff82e81f000-00007ff82e829fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3602584.1660: 00007ff82e82a000-00007ff82e837fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3612584.1660: 00007ff82e838000-00007ff82e838fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3622584.1660: 00007ff82e839000-00007ff82e83bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3632584.1660: 00007ff82e83c000-00007ff82e8acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3642584.1660: 00007ff82e8ad000-00007ffffffeffff 0x0001/0x0000 0x0000000
3652584.1660: supR3HardNtChildPurify: Done after 516 ms and 0 fixes (loop #0).
3662bf0.74c: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0456300
3672bf0.74c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff82e6c0000 g_uNtVerCombined=0xa0456300
3682bf0.74c: ntdll.dll: timestamp 0x1f1a0210 (rc=VINF_SUCCESS)
3692bf0.74c: New simple heap: #1 0000000000c00000 LB 0x400000 (for 2019328 allocation)
3702bf0.74c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3712bf0.74c: System32: \Device\HarddiskVolume2\Windows\System32
3722bf0.74c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3732584.1660: supR3HardNtEnableThreadCreationEx:
3742bf0.74c: KnownDllPath: C:\Windows\System32
3752bf0.74c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3762bf0.74c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3772bf0.74c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3782bf0.74c: Registered Dll notification callback with NTDLL.
3792bf0.74c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3802bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3812bf0.74c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3822bf0.74c: supR3HardenedDllNotificationCallback: load 00007ff82aa80000 LB 0x00293000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
3832bf0.74c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3842bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3852bf0.74c: supR3HardenedDllNotificationCallback: load 00007ff82ddc0000 LB 0x000b3000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
3862bf0.74c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3872bf0.74c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82ddc0000 'C:\Windows\System32\KERNEL32.DLL'
3882bf0.74c: supR3HardenedDllNotificationCallback: load 00007ff74df80000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
3892bf0.74c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3902bf0.74c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3912bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3922bf0.74c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff82e735660 pvNtTerminateThread=00007ff82e7601b0
3932584.1660: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms.
3942bf0.74c: \SystemRoot\System32\ntdll.dll:
3952bf0.74c: CreationTime: 2019-10-26T06:25:21.218613600Z
3962bf0.74c: LastWriteTime: 2019-10-26T06:25:21.374772900Z
3972bf0.74c: ChangeTime: 2019-12-10T18:28:32.715327900Z
3982bf0.74c: FileAttributes: 0x20
3992bf0.74c: Size: 0x1e70e0
4002bf0.74c: NT Headers: 0xe0
4012bf0.74c: Timestamp: 0x1f1a0210
4022bf0.74c: Machine: 0x8664 - amd64
4032bf0.74c: Timestamp: 0x1f1a0210
4042bf0.74c: Image Version: 10.0
4052bf0.74c: SizeOfImage: 0x1ed000 (2019328)
4062bf0.74c: Resource Dir: 0x17d000 LB 0x6eb48
4072bf0.74c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
4082bf0.74c: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
4092bf0.74c: ProductName: Microsoft® Windows® Operating System
4102bf0.74c: ProductVersion: 10.0.17763.831
4112bf0.74c: FileVersion: 10.0.17763.831 (WinBuild.160101.0800)
4122bf0.74c: FileDescription: NT Layer DLL
4132bf0.74c: \SystemRoot\System32\kernel32.dll:
4142bf0.74c: CreationTime: 2019-05-21T15:18:15.716327300Z
4152bf0.74c: LastWriteTime: 2019-05-21T15:18:15.747064300Z
4162bf0.74c: ChangeTime: 2019-12-10T18:28:32.668445800Z
4172bf0.74c: FileAttributes: 0x20
4182bf0.74c: Size: 0xb12c0
4192bf0.74c: NT Headers: 0xe8
4202bf0.74c: Timestamp: 0x250a0626
4212bf0.74c: Machine: 0x8664 - amd64
4222bf0.74c: Timestamp: 0x250a0626
4232bf0.74c: Image Version: 10.0
4242bf0.74c: SizeOfImage: 0xb3000 (733184)
4252bf0.74c: Resource Dir: 0xb1000 LB 0x520
4262bf0.74c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4272bf0.74c: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
4282bf0.74c: ProductName: Microsoft® Windows® Operating System
4292bf0.74c: ProductVersion: 10.0.17763.475
4302bf0.74c: FileVersion: 10.0.17763.475 (WinBuild.160101.0800)
4312bf0.74c: FileDescription: Windows NT BASE API Client DLL
4322bf0.74c: \SystemRoot\System32\KernelBase.dll:
4332bf0.74c: CreationTime: 2019-12-10T18:26:48.543167600Z
4342bf0.74c: LastWriteTime: 2019-12-10T18:26:48.777623900Z
4352bf0.74c: ChangeTime: 2019-12-10T19:01:12.208613700Z
4362bf0.74c: FileAttributes: 0x20
4372bf0.74c: Size: 0x2931f8
4382bf0.74c: NT Headers: 0xf8
4392bf0.74c: Timestamp: 0xfb6790ac
4402bf0.74c: Machine: 0x8664 - amd64
4412bf0.74c: Timestamp: 0xfb6790ac
4422bf0.74c: Image Version: 10.0
4432bf0.74c: SizeOfImage: 0x293000 (2699264)
4442bf0.74c: Resource Dir: 0x26f000 LB 0x548
4452bf0.74c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4462bf0.74c: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4472bf0.74c: ProductName: Microsoft® Windows® Operating System
4482bf0.74c: ProductVersion: 10.0.17763.914
4492bf0.74c: FileVersion: 10.0.17763.914 (WinBuild.160101.0800)
4502bf0.74c: FileDescription: Windows NT BASE API Client DLL
4512bf0.74c: \SystemRoot\System32\apisetschema.dll:
4522bf0.74c: CreationTime: 2018-09-15T07:28:25.403122600Z
4532bf0.74c: LastWriteTime: 2018-09-15T07:28:25.403122600Z
4542bf0.74c: ChangeTime: 2019-08-01T13:38:31.956025100Z
4552bf0.74c: FileAttributes: 0x20
4562bf0.74c: Size: 0x1c738
4572bf0.74c: NT Headers: 0xd0
4582bf0.74c: Timestamp: 0x33775897
4592bf0.74c: Machine: 0x8664 - amd64
4602bf0.74c: Timestamp: 0x33775897
4612bf0.74c: Image Version: 10.0
4622bf0.74c: SizeOfImage: 0x1d000 (118784)
4632bf0.74c: Resource Dir: 0x1c000 LB 0x408
4642bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4652bf0.74c: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4662bf0.74c: ProductName: Microsoft® Windows® Operating System
4672bf0.74c: ProductVersion: 10.0.17763.1
4682bf0.74c: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
4692bf0.74c: FileDescription: ApiSet Schema DLL
4702bf0.74c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4712bf0.74c: supR3HardenedWinFindAdversaries: 0x40
4722bf0.74c: \SystemRoot\System32\drivers\klflt.sys:
4732bf0.74c: CreationTime: 2019-08-05T11:58:31.714327500Z
4742bf0.74c: LastWriteTime: 2019-10-31T09:59:01.548529300Z
4752bf0.74c: ChangeTime: 2019-10-31T09:59:01.548529300Z
4762bf0.74c: FileAttributes: 0x20
4772bf0.74c: Size: 0x3d678
4782bf0.74c: NT Headers: 0x100
4792bf0.74c: Timestamp: 0xddaa7cbc
4802bf0.74c: Machine: 0x8664 - amd64
4812bf0.74c: Timestamp: 0xddaa7cbc
4822bf0.74c: Image Version: 6.1
4832bf0.74c: SizeOfImage: 0x4a000 (303104)
4842bf0.74c: Resource Dir: 0x47000 LB 0x418
4852bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4862bf0.74c: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
4872bf0.74c: ProductName: Coretech Delivery
4882bf0.74c: ProductVersion: 30.112.90.0
4892bf0.74c: FileVersion: 30.112.90.0
4902bf0.74c: FileDescription: Filter Core [fre_win7_amd64]
4912bf0.74c: \SystemRoot\System32\drivers\klif.sys:
4922bf0.74c: CreationTime: 2019-08-05T11:58:31.848799700Z
4932bf0.74c: LastWriteTime: 2019-10-31T09:59:01.803543200Z
4942bf0.74c: ChangeTime: 2019-10-31T09:59:01.803543200Z
4952bf0.74c: FileAttributes: 0x20
4962bf0.74c: Size: 0xf3a80
4972bf0.74c: NT Headers: 0xf8
4982bf0.74c: Timestamp: 0x5da6282c
4992bf0.74c: Machine: 0x8664 - amd64
5002bf0.74c: Timestamp: 0x5da6282c
5012bf0.74c: Image Version: 6.1
5022bf0.74c: SizeOfImage: 0xf4000 (999424)
5032bf0.74c: Resource Dir: 0xeb000 LB 0x33f8
5042bf0.74c: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
5052bf0.74c: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)]
5062bf0.74c: ProductName: Coretech Delivery
5072bf0.74c: ProductVersion: 30.112.90.0
5082bf0.74c: FileVersion: 30.112.90.0
5092bf0.74c: FileDescription: Core System Interceptors [fre_win7_amd64]
5102bf0.74c: \SystemRoot\System32\drivers\klim6.sys:
5112bf0.74c: CreationTime: 2019-03-19T02:21:06.000000000Z
5122bf0.74c: LastWriteTime: 2019-03-19T02:21:06.000000000Z
5132bf0.74c: ChangeTime: 2019-08-05T11:59:15.443759300Z
5142bf0.74c: FileAttributes: 0x20
5152bf0.74c: Size: 0xe350
5162bf0.74c: NT Headers: 0xe0
5172bf0.74c: Timestamp: 0x54ad405e
5182bf0.74c: Machine: 0x8664 - amd64
5192bf0.74c: Timestamp: 0x54ad405e
5202bf0.74c: Image Version: 6.1
5212bf0.74c: SizeOfImage: 0xb000 (45056)
5222bf0.74c: Resource Dir: 0x9000 LB 0x430
5232bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5242bf0.74c: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
5252bf0.74c: ProductName: Coretech Delivery
5262bf0.74c: ProductVersion: 30.0.3724.0
5272bf0.74c: FileVersion: 30.0.3724.0
5282bf0.74c: FileDescription: Packet Network Filter [fre_win7_amd64]
5292bf0.74c: \SystemRoot\System32\drivers\klkbdflt.sys:
5302bf0.74c: CreationTime: 2019-03-17T21:11:30.000000000Z
5312bf0.74c: LastWriteTime: 2019-03-17T21:11:30.000000000Z
5322bf0.74c: ChangeTime: 2019-08-05T11:59:11.806205900Z
5332bf0.74c: FileAttributes: 0x20
5342bf0.74c: Size: 0x13550
5352bf0.74c: NT Headers: 0xf8
5362bf0.74c: Timestamp: 0x79cc11d7
5372bf0.74c: Machine: 0x8664 - amd64
5382bf0.74c: Timestamp: 0x79cc11d7
5392bf0.74c: Image Version: 6.1
5402bf0.74c: SizeOfImage: 0x12000 (73728)
5412bf0.74c: Resource Dir: 0x10000 LB 0x438
5422bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5432bf0.74c: [Raw version resource data: 0x10060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
5442bf0.74c: ProductName: Coretech Delivery
5452bf0.74c: ProductVersion: 30.0.3716.0
5462bf0.74c: FileVersion: 30.0.3716.0
5472bf0.74c: FileDescription: Keyboard Device Filter [fre_win7_amd64]
5482bf0.74c: \SystemRoot\System32\drivers\klmouflt.sys:
5492bf0.74c: CreationTime: 2019-03-17T20:50:34.000000000Z
5502bf0.74c: LastWriteTime: 2019-03-17T20:50:34.000000000Z
5512bf0.74c: ChangeTime: 2019-08-05T11:59:11.843009100Z
5522bf0.74c: FileAttributes: 0x20
5532bf0.74c: Size: 0xe878
5542bf0.74c: NT Headers: 0xe8
5552bf0.74c: Timestamp: 0xab7b625
5562bf0.74c: Machine: 0x8664 - amd64
5572bf0.74c: Timestamp: 0xab7b625
5582bf0.74c: Image Version: 6.1
5592bf0.74c: SizeOfImage: 0xe000 (57344)
5602bf0.74c: Resource Dir: 0xc000 LB 0x430
5612bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5622bf0.74c: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
5632bf0.74c: ProductName: Coretech Delivery
5642bf0.74c: ProductVersion: 30.0.3716.0
5652bf0.74c: FileVersion: 30.0.3716.0
5662bf0.74c: FileDescription: Mouse Device Filter [fre_win7_amd64]
5672bf0.74c: \SystemRoot\System32\drivers\kneps.sys:
5682bf0.74c: CreationTime: 2019-03-18T21:31:38.000000000Z
5692bf0.74c: LastWriteTime: 2019-03-18T21:31:38.000000000Z
5702bf0.74c: ChangeTime: 2019-08-05T11:59:10.794405100Z
5712bf0.74c: FileAttributes: 0x20
5722bf0.74c: Size: 0x38b50
5732bf0.74c: NT Headers: 0x108
5742bf0.74c: Timestamp: 0x7aa255dc
5752bf0.74c: Machine: 0x8664 - amd64
5762bf0.74c: Timestamp: 0x7aa255dc
5772bf0.74c: Image Version: 6.1
5782bf0.74c: SizeOfImage: 0x38000 (229376)
5792bf0.74c: Resource Dir: 0x35000 LB 0x428
5802bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5812bf0.74c: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
5822bf0.74c: ProductName: Coretech Delivery
5832bf0.74c: ProductVersion: 30.0.3731.0
5842bf0.74c: FileVersion: 30.0.3731.0
5852bf0.74c: FileDescription: Network Processor [fre_win7_amd64]
5862bf0.74c: \SystemRoot\System32\klfphc.dll:
5872bf0.74c: CreationTime: 2019-08-05T11:59:09.424175900Z
5882bf0.74c: LastWriteTime: 2013-05-06T03:13:26.000000000Z
5892bf0.74c: ChangeTime: 2019-08-05T11:58:46.331052700Z
5902bf0.74c: FileAttributes: 0x20
5912bf0.74c: Size: 0x1ae60
5922bf0.74c: NT Headers: 0xe8
5932bf0.74c: Timestamp: 0x51873bf2
5942bf0.74c: Machine: 0x8664 - amd64
5952bf0.74c: Timestamp: 0x51873bf2
5962bf0.74c: Image Version: 0.0
5972bf0.74c: SizeOfImage: 0x1d000 (118784)
5982bf0.74c: Resource Dir: 0x18000 LB 0x3c80
5992bf0.74c: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
6002bf0.74c: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
6012bf0.74c: ProductName: Kaspersky™ Anti-Virus ®
6022bf0.74c: ProductVersion: 1.0.0.12
6032bf0.74c: FileVersion: 1.0.0.12
6042bf0.74c: FileDescription: Filtering Platform Helper Class
6052bf0.74c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6062bf0.74c: Calling main()
6072bf0.74c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
6082bf0.74c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6092bf0.74c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6102bf0.74c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6112bf0.74c: SUPR3HardenedMain: Respawn #2
6122bf0.74c: supR3HardNtEnableThreadCreationEx:
6132bf0.74c: supR3HardenedDllNotificationCallback: load 00007ff82b9b0000 LB 0x00122000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
6142bf0.74c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
6152bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
6162bf0.74c: supR3HardenedDllNotificationCallback: load 00007ff82bae0000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0]
6172bf0.74c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
6182bf0.74c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
6192bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
6202bf0.74c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
6212bf0.74c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
6222bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6232bf0.74c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6242bf0.74c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6252bf0.74c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6262bf0.74c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6272bf0.74c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82e6c0000 'C:\Windows\System32\ntdll.dll'
6282bf0.74c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff82e735660 pvNtTerminateThread=00007ff82e7601b0
6292bf0.74c: supR3HardenedWinDoReSpawn(2): New child 2e8c.3184 [kernel32].
6302bf0.74c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
6312bf0.74c: supR3HardNtChildGatherData: PebBaseAddress=00000000002e4000 cbPeb=0x388
6322bf0.74c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff82e6c0000 uNtDllChildAddr=00007ff82e6c0000
6332bf0.74c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff82e735660
6342bf0.74c: supR3HardenedWinSetupChildInit: Start child.
6352bf0.74c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
6362bf0.74c: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
6372bf0.74c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6382bf0.74c: *0000000000000000-000000000014ffff 0x0001/0x0000 0x0000000
6392bf0.74c: *0000000000150000-000000000016ffff 0x0004/0x0004 0x0020000
6402bf0.74c: *0000000000170000-0000000000189fff 0x0002/0x0002 0x0040000
6412bf0.74c: 000000000018a000-000000000018ffff 0x0001/0x0000 0x0000000
6422bf0.74c: *0000000000190000-0000000000193fff 0x0002/0x0002 0x0040000
6432bf0.74c: 0000000000194000-000000000019ffff 0x0001/0x0000 0x0000000
6442bf0.74c: *00000000001a0000-00000000001a1fff 0x0004/0x0004 0x0020000
6452bf0.74c: 00000000001a2000-00000000001fffff 0x0001/0x0000 0x0000000
6462bf0.74c: *0000000000200000-00000000002e3fff 0x0000/0x0004 0x0020000
6472bf0.74c: 00000000002e4000-00000000002e6fff 0x0004/0x0004 0x0020000
6482bf0.74c: 00000000002e7000-00000000003fffff 0x0000/0x0004 0x0020000
6492bf0.74c: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
6502bf0.74c: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
6512bf0.74c: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
6522bf0.74c: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000
6532bf0.74c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
6542bf0.74c: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
6552bf0.74c: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
6562bf0.74c: 000000007ffe6000-00007ff55d2dffff 0x0001/0x0000 0x0000000
6572bf0.74c: *00007ff55d2e0000-00007ff55d2e0fff 0x0002/0x0002 0x0040000
6582bf0.74c: 00007ff55d2e1000-00007ff55d2effff 0x0001/0x0000 0x0000000
6592bf0.74c: *00007ff55d2f0000-00007ff55d312fff 0x0002/0x0002 0x0040000
6602bf0.74c: 00007ff55d313000-00007ff74df7ffff 0x0001/0x0000 0x0000000
6612bf0.74c: *00007ff74df80000-00007ff74df80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6622bf0.74c: 00007ff74df81000-00007ff74dff5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6632bf0.74c: 00007ff74dff6000-00007ff74dff6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6642bf0.74c: 00007ff74dff7000-00007ff74e03efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6652bf0.74c: 00007ff74e03f000-00007ff74e03ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6662bf0.74c: 00007ff74e040000-00007ff74e040fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6672bf0.74c: 00007ff74e041000-00007ff74e045fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6682bf0.74c: 00007ff74e046000-00007ff74e046fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6692bf0.74c: 00007ff74e047000-00007ff74e047fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6702bf0.74c: 00007ff74e048000-00007ff74e04bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6712bf0.74c: 00007ff74e04c000-00007ff74e094fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6722bf0.74c: 00007ff74e095000-00007ff82e6bffff 0x0001/0x0000 0x0000000
6732bf0.74c: *00007ff82e6c0000-00007ff82e6c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6742bf0.74c: 00007ff82e6c1000-00007ff82e7d7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6752bf0.74c: 00007ff82e7d8000-00007ff82e81efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6762bf0.74c: 00007ff82e81f000-00007ff82e829fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6772bf0.74c: 00007ff82e82a000-00007ff82e837fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6782bf0.74c: 00007ff82e838000-00007ff82e838fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6792bf0.74c: 00007ff82e839000-00007ff82e83bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6802bf0.74c: 00007ff82e83c000-00007ff82e8acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6812bf0.74c: 00007ff82e8ad000-00007ffffffeffff 0x0001/0x0000 0x0000000
6822bf0.74c: VirtualBoxVM.exe: timestamp 0x5d9f7c37 (rc=VINF_SUCCESS)
6832bf0.74c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6842bf0.74c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
6852bf0.74c: supR3HardNtChildPurify: Done after 562 ms and 0 fixes (loop #0).
6862e8c.3184: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0456300
6872e8c.3184: supR3HardenedVmProcessInit: uNtDllAddr=00007ff82e6c0000 g_uNtVerCombined=0xa0456300
6882e8c.3184: ntdll.dll: timestamp 0x1f1a0210 (rc=VINF_SUCCESS)
6892e8c.3184: New simple heap: #1 0000000000600000 LB 0x400000 (for 2019328 allocation)
6902bf0.74c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
6912bf0.74c: supR3HardNtEnableThreadCreationEx:
6922e8c.3184: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6932e8c.3184: System32: \Device\HarddiskVolume2\Windows\System32
6942e8c.3184: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
6952e8c.3184: KnownDllPath: C:\Windows\System32
6962e8c.3184: supR3HardenedVmProcessInit: Opening vboxdrv...
6972e8c.3184: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6982e8c.3184: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6992e8c.3184: Registered Dll notification callback with NTDLL.
7002e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
7012e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
7022e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
7032e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82aa80000 LB 0x00293000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
7042e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
7052e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
7062e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82ddc0000 LB 0x000b3000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
7072e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7082e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82ddc0000 'C:\Windows\System32\KERNEL32.DLL'
7092e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff74df80000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
7102e8c.3184: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7112e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
7122e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7132e8c.3184: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff82e735660 pvNtTerminateThread=00007ff82e7601b0
7142bf0.74c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms.
7152e8c.3184: \SystemRoot\System32\ntdll.dll:
7162e8c.3184: CreationTime: 2019-10-26T06:25:21.218613600Z
7172e8c.3184: LastWriteTime: 2019-10-26T06:25:21.374772900Z
7182e8c.3184: ChangeTime: 2019-12-10T18:28:32.715327900Z
7192e8c.3184: FileAttributes: 0x20
7202e8c.3184: Size: 0x1e70e0
7212e8c.3184: NT Headers: 0xe0
7222e8c.3184: Timestamp: 0x1f1a0210
7232e8c.3184: Machine: 0x8664 - amd64
7242e8c.3184: Timestamp: 0x1f1a0210
7252e8c.3184: Image Version: 10.0
7262e8c.3184: SizeOfImage: 0x1ed000 (2019328)
7272e8c.3184: Resource Dir: 0x17d000 LB 0x6eb48
7282e8c.3184: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7292e8c.3184: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
7302e8c.3184: ProductName: Microsoft® Windows® Operating System
7312e8c.3184: ProductVersion: 10.0.17763.831
7322e8c.3184: FileVersion: 10.0.17763.831 (WinBuild.160101.0800)
7332e8c.3184: FileDescription: NT Layer DLL
7342e8c.3184: \SystemRoot\System32\kernel32.dll:
7352e8c.3184: CreationTime: 2019-05-21T15:18:15.716327300Z
7362e8c.3184: LastWriteTime: 2019-05-21T15:18:15.747064300Z
7372e8c.3184: ChangeTime: 2019-12-10T18:28:32.668445800Z
7382e8c.3184: FileAttributes: 0x20
7392e8c.3184: Size: 0xb12c0
7402e8c.3184: NT Headers: 0xe8
7412e8c.3184: Timestamp: 0x250a0626
7422e8c.3184: Machine: 0x8664 - amd64
7432e8c.3184: Timestamp: 0x250a0626
7442e8c.3184: Image Version: 10.0
7452e8c.3184: SizeOfImage: 0xb3000 (733184)
7462e8c.3184: Resource Dir: 0xb1000 LB 0x520
7472e8c.3184: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7482e8c.3184: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7492e8c.3184: ProductName: Microsoft® Windows® Operating System
7502e8c.3184: ProductVersion: 10.0.17763.475
7512e8c.3184: FileVersion: 10.0.17763.475 (WinBuild.160101.0800)
7522e8c.3184: FileDescription: Windows NT BASE API Client DLL
7532e8c.3184: \SystemRoot\System32\KernelBase.dll:
7542e8c.3184: CreationTime: 2019-12-10T18:26:48.543167600Z
7552e8c.3184: LastWriteTime: 2019-12-10T18:26:48.777623900Z
7562e8c.3184: ChangeTime: 2019-12-10T19:01:12.208613700Z
7572e8c.3184: FileAttributes: 0x20
7582e8c.3184: Size: 0x2931f8
7592e8c.3184: NT Headers: 0xf8
7602e8c.3184: Timestamp: 0xfb6790ac
7612e8c.3184: Machine: 0x8664 - amd64
7622e8c.3184: Timestamp: 0xfb6790ac
7632e8c.3184: Image Version: 10.0
7642e8c.3184: SizeOfImage: 0x293000 (2699264)
7652e8c.3184: Resource Dir: 0x26f000 LB 0x548
7662e8c.3184: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7672e8c.3184: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
7682e8c.3184: ProductName: Microsoft® Windows® Operating System
7692e8c.3184: ProductVersion: 10.0.17763.914
7702e8c.3184: FileVersion: 10.0.17763.914 (WinBuild.160101.0800)
7712e8c.3184: FileDescription: Windows NT BASE API Client DLL
7722e8c.3184: \SystemRoot\System32\apisetschema.dll:
7732e8c.3184: CreationTime: 2018-09-15T07:28:25.403122600Z
7742e8c.3184: LastWriteTime: 2018-09-15T07:28:25.403122600Z
7752e8c.3184: ChangeTime: 2019-08-01T13:38:31.956025100Z
7762e8c.3184: FileAttributes: 0x20
7772e8c.3184: Size: 0x1c738
7782e8c.3184: NT Headers: 0xd0
7792e8c.3184: Timestamp: 0x33775897
7802e8c.3184: Machine: 0x8664 - amd64
7812e8c.3184: Timestamp: 0x33775897
7822e8c.3184: Image Version: 10.0
7832e8c.3184: SizeOfImage: 0x1d000 (118784)
7842e8c.3184: Resource Dir: 0x1c000 LB 0x408
7852e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7862e8c.3184: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7872e8c.3184: ProductName: Microsoft® Windows® Operating System
7882e8c.3184: ProductVersion: 10.0.17763.1
7892e8c.3184: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
7902e8c.3184: FileDescription: ApiSet Schema DLL
7912e8c.3184: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7922e8c.3184: supR3HardenedWinFindAdversaries: 0x40
7932e8c.3184: \SystemRoot\System32\drivers\klflt.sys:
7942e8c.3184: CreationTime: 2019-08-05T11:58:31.714327500Z
7952e8c.3184: LastWriteTime: 2019-10-31T09:59:01.548529300Z
7962e8c.3184: ChangeTime: 2019-10-31T09:59:01.548529300Z
7972e8c.3184: FileAttributes: 0x20
7982e8c.3184: Size: 0x3d678
7992e8c.3184: NT Headers: 0x100
8002e8c.3184: Timestamp: 0xddaa7cbc
8012e8c.3184: Machine: 0x8664 - amd64
8022e8c.3184: Timestamp: 0xddaa7cbc
8032e8c.3184: Image Version: 6.1
8042e8c.3184: SizeOfImage: 0x4a000 (303104)
8052e8c.3184: Resource Dir: 0x47000 LB 0x418
8062e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8072e8c.3184: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
8082e8c.3184: ProductName: Coretech Delivery
8092e8c.3184: ProductVersion: 30.112.90.0
8102e8c.3184: FileVersion: 30.112.90.0
8112e8c.3184: FileDescription: Filter Core [fre_win7_amd64]
8122e8c.3184: \SystemRoot\System32\drivers\klif.sys:
8132e8c.3184: CreationTime: 2019-08-05T11:58:31.848799700Z
8142e8c.3184: LastWriteTime: 2019-10-31T09:59:01.803543200Z
8152e8c.3184: ChangeTime: 2019-10-31T09:59:01.803543200Z
8162e8c.3184: FileAttributes: 0x20
8172e8c.3184: Size: 0xf3a80
8182e8c.3184: NT Headers: 0xf8
8192e8c.3184: Timestamp: 0x5da6282c
8202e8c.3184: Machine: 0x8664 - amd64
8212e8c.3184: Timestamp: 0x5da6282c
8222e8c.3184: Image Version: 6.1
8232e8c.3184: SizeOfImage: 0xf4000 (999424)
8242e8c.3184: Resource Dir: 0xeb000 LB 0x33f8
8252e8c.3184: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
8262e8c.3184: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)]
8272e8c.3184: ProductName: Coretech Delivery
8282e8c.3184: ProductVersion: 30.112.90.0
8292e8c.3184: FileVersion: 30.112.90.0
8302e8c.3184: FileDescription: Core System Interceptors [fre_win7_amd64]
8312e8c.3184: \SystemRoot\System32\drivers\klim6.sys:
8322e8c.3184: CreationTime: 2019-03-19T02:21:06.000000000Z
8332e8c.3184: LastWriteTime: 2019-03-19T02:21:06.000000000Z
8342e8c.3184: ChangeTime: 2019-08-05T11:59:15.443759300Z
8352e8c.3184: FileAttributes: 0x20
8362e8c.3184: Size: 0xe350
8372e8c.3184: NT Headers: 0xe0
8382e8c.3184: Timestamp: 0x54ad405e
8392e8c.3184: Machine: 0x8664 - amd64
8402e8c.3184: Timestamp: 0x54ad405e
8412e8c.3184: Image Version: 6.1
8422e8c.3184: SizeOfImage: 0xb000 (45056)
8432e8c.3184: Resource Dir: 0x9000 LB 0x430
8442e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8452e8c.3184: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
8462e8c.3184: ProductName: Coretech Delivery
8472e8c.3184: ProductVersion: 30.0.3724.0
8482e8c.3184: FileVersion: 30.0.3724.0
8492e8c.3184: FileDescription: Packet Network Filter [fre_win7_amd64]
8502e8c.3184: \SystemRoot\System32\drivers\klkbdflt.sys:
8512e8c.3184: CreationTime: 2019-03-17T21:11:30.000000000Z
8522e8c.3184: LastWriteTime: 2019-03-17T21:11:30.000000000Z
8532e8c.3184: ChangeTime: 2019-08-05T11:59:11.806205900Z
8542e8c.3184: FileAttributes: 0x20
8552e8c.3184: Size: 0x13550
8562e8c.3184: NT Headers: 0xf8
8572e8c.3184: Timestamp: 0x79cc11d7
8582e8c.3184: Machine: 0x8664 - amd64
8592e8c.3184: Timestamp: 0x79cc11d7
8602e8c.3184: Image Version: 6.1
8612e8c.3184: SizeOfImage: 0x12000 (73728)
8622e8c.3184: Resource Dir: 0x10000 LB 0x438
8632e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8642e8c.3184: [Raw version resource data: 0x10060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
8652e8c.3184: ProductName: Coretech Delivery
8662e8c.3184: ProductVersion: 30.0.3716.0
8672e8c.3184: FileVersion: 30.0.3716.0
8682e8c.3184: FileDescription: Keyboard Device Filter [fre_win7_amd64]
8692e8c.3184: \SystemRoot\System32\drivers\klmouflt.sys:
8702e8c.3184: CreationTime: 2019-03-17T20:50:34.000000000Z
8712e8c.3184: LastWriteTime: 2019-03-17T20:50:34.000000000Z
8722e8c.3184: ChangeTime: 2019-08-05T11:59:11.843009100Z
8732e8c.3184: FileAttributes: 0x20
8742e8c.3184: Size: 0xe878
8752e8c.3184: NT Headers: 0xe8
8762e8c.3184: Timestamp: 0xab7b625
8772e8c.3184: Machine: 0x8664 - amd64
8782e8c.3184: Timestamp: 0xab7b625
8792e8c.3184: Image Version: 6.1
8802e8c.3184: SizeOfImage: 0xe000 (57344)
8812e8c.3184: Resource Dir: 0xc000 LB 0x430
8822e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8832e8c.3184: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
8842e8c.3184: ProductName: Coretech Delivery
8852e8c.3184: ProductVersion: 30.0.3716.0
8862e8c.3184: FileVersion: 30.0.3716.0
8872e8c.3184: FileDescription: Mouse Device Filter [fre_win7_amd64]
8882e8c.3184: \SystemRoot\System32\drivers\kneps.sys:
8892e8c.3184: CreationTime: 2019-03-18T21:31:38.000000000Z
8902e8c.3184: LastWriteTime: 2019-03-18T21:31:38.000000000Z
8912e8c.3184: ChangeTime: 2019-08-05T11:59:10.794405100Z
8922e8c.3184: FileAttributes: 0x20
8932e8c.3184: Size: 0x38b50
8942e8c.3184: NT Headers: 0x108
8952e8c.3184: Timestamp: 0x7aa255dc
8962e8c.3184: Machine: 0x8664 - amd64
8972e8c.3184: Timestamp: 0x7aa255dc
8982e8c.3184: Image Version: 6.1
8992e8c.3184: SizeOfImage: 0x38000 (229376)
9002e8c.3184: Resource Dir: 0x35000 LB 0x428
9012e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9022e8c.3184: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
9032e8c.3184: ProductName: Coretech Delivery
9042e8c.3184: ProductVersion: 30.0.3731.0
9052e8c.3184: FileVersion: 30.0.3731.0
9062e8c.3184: FileDescription: Network Processor [fre_win7_amd64]
9072e8c.3184: \SystemRoot\System32\klfphc.dll:
9082e8c.3184: CreationTime: 2019-08-05T11:59:09.424175900Z
9092e8c.3184: LastWriteTime: 2013-05-06T03:13:26.000000000Z
9102e8c.3184: ChangeTime: 2019-08-05T11:58:46.331052700Z
9112e8c.3184: FileAttributes: 0x20
9122e8c.3184: Size: 0x1ae60
9132e8c.3184: NT Headers: 0xe8
9142e8c.3184: Timestamp: 0x51873bf2
9152e8c.3184: Machine: 0x8664 - amd64
9162e8c.3184: Timestamp: 0x51873bf2
9172e8c.3184: Image Version: 0.0
9182e8c.3184: SizeOfImage: 0x1d000 (118784)
9192e8c.3184: Resource Dir: 0x18000 LB 0x3c80
9202e8c.3184: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
9212e8c.3184: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
9222e8c.3184: ProductName: Kaspersky™ Anti-Virus ®
9232e8c.3184: ProductVersion: 1.0.0.12
9242e8c.3184: FileVersion: 1.0.0.12
9252e8c.3184: FileDescription: Filtering Platform Helper Class
9262e8c.3184: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
9272e8c.3184: Calling main()
9282e8c.3184: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
9292e8c.3184: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
9302e8c.3184: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
9312e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
9322e8c.3184: SUPR3HardenedMain: Final process, opening VBoxDrv...
9332e8c.3184: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000)
9342e8c.3184: supR3HardNtEnableThreadCreationEx:
9352e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
9362e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
9372e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9382e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9392e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff826f30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
9402e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9412e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9422e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9432e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff826f30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9442e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9452e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9462e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff826f30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9472e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff826f30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9482e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9492e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
9502e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
9512e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
9522e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
9532e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
9542e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9552e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9562e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
9572e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
9582e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9592e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9602e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
9612e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
9622e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
9632e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
9642e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
9652e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
9662e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
9672e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9682e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9692e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
9702e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9712e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
9722e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
9732e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
9742e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9752e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82dd20000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
9762e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9772e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a6a0000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0]
9782e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
9792e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a780000 LB 0x000fa000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
9802e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
9812e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
9822e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82b470000 LB 0x001db000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
9832e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9842e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82b9b0000 LB 0x00122000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
9852e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9862e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82aa20000 LB 0x00059000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
9872e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9882e8c.3184: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
9892e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9902e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa80000 'api-ms-win-core-synch-l1-2-0'
9912e8c.3184: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
9922e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9932e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa80000 'api-ms-win-core-fibers-l1-1-1'
9942e8c.3184: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
9952e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9962e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa80000 'api-ms-win-core-fibers-l1-1-1'
9972e8c.3184: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
9982e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9992e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa80000 'api-ms-win-core-synch-l1-2-0'
10002e8c.3184: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
10012e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10022e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa80000 'api-ms-win-core-localization-l1-2-1'
10032e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa20000 'C:\Windows\system32\Wintrust.dll'
10042e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
10052e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
10062e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10072e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a750000 LB 0x00026000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
10082e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10092e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82a750000 'C:\Windows\system32\bcrypt.dll'
10102e8c.3184: bcrypt.dll loaded at 00007ff82a750000, BCryptOpenAlgorithmProvider at 00007ff82a754d60, preloading providers:
10112e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
10122e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
10132e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10142e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a950000 LB 0x0007e000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
10152e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
10162e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82a950000 'C:\Windows\system32\bcryptprimitives.dll'
10172e8c.3184: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000a4d8c0)
10182e8c.3184: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000a4e620)
10192e8c.3184: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000a4f130)
10202e8c.3184: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000a4f430)
10212e8c.3184: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000a4f730)
10222e8c.3184: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000a4fa30)
10232e8c.3184: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000a4fd30)
10242e8c.3184: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000a50440)
10252e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a880000 LB 0x00017000 C:\Windows\System32\CRYPTSP.dll [fFlags=0x0]
10262e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
10272e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
10282e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
10292e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
10302e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
10312e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
10322e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
10332e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10342e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10352e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10362e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff829a70000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
10372e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10382e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
10392e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
10402e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
10412e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
10422e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a0c0000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
10432e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
10442e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
10452e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
10462e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
10472e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
10482e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10492e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82ddc0000 'C:\Windows\System32\kernel32.dll'
10502e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10512e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10522e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa20000 'C:\Windows\System32\WINTRUST.DLL'
10532e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10542e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
10552e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\CRYPT32.dll'
10562e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82b910000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
10572e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
10582e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
10592e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10602e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10612e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
10622e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82bae0000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0]
10632e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
10642e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
10652e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
10662e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10672e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
10682e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
10692e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
10702e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff829310000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
10712e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
10722e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a6c0000 LB 0x00024000 C:\Windows\System32\profapi.dll [fFlags=0x0]
10732e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
10742e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
10752e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10762e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
10772e8c.3184: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
10782e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
10792e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
10802e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
10812e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10822e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10832e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10842e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10852e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10862e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10872e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10882e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10892e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10902e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10912e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10922e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10932e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10942e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10952e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10962e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff81ffd0000 LB 0x0002f000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
10972e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10982e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10992e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11002e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11012e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11022e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11032e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11042e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11052e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11062e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11072e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11082e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11092e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11102e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11112e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11122e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11132e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11142e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11152e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11162e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11172e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11182e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11192e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11202e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11212e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11222e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11232e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11242e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11252e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11262e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11272e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11282e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll'
11292e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82d5c0000 LB 0x000a3000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
11302e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11312e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
11322e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
11332e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
11342e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
11352e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11362e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11372e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11382e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11392e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
11402e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
11412e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
11422e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11432e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11442e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11452e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11462e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
11472e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11482e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11492e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
11502e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
11512e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e970
11522e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e970
11532e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41C90F26E88C181E61C61D8FE6FB6BC4B7273100
11542e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11552e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11562e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b9b0000 'C:\Windows\System32\rpcrt4.dll'
11572e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11582e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11592e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
11602e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11612e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11622e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
11632e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1329_for_KB4530715~31bf3856ad364e35~amd64~~10.0.1.4.cat'; file='\SystemRoot\System32\ntdll.dll'
11642e8c.3184: g_pfnWinVerifyTrust=00007ff82aa26370
11652e8c.3184: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
11662e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11672e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11682e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
11692e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11702e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11712e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
11722e8c.3184: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
11732e8c.3184: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
11742e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11752e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11762e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
11772e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
11782e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11792e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
11802e8c.3184: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
11812e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11822e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11832e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
11842e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
11852e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11862e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
11872e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a5e970
11882e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e970
11892e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A71FAF93E7F6555CF5752D6A603A870E378E49E6
11902e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
11912e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e5b0
11922e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e5b0
11932e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A71FAF93E7F6555CF5752D6A603A870E378E49E6
11942e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
11952e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e670
11962e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e670
11972e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=94A646B11F6AB0A5169AF0ED46737E8E6ED30FA366AFD0C9B52535169D41D53C
11982e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
11992e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
12002e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
12012e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12022e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12032e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12042e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
12052e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12062e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12072e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12082e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
12092e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12102e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12112e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12122e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
12132e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12142e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12152e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12162e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
12172e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12182e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12192e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12202e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
12212e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12222e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12232e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12242e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
12252e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12262e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
12272e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12282e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12292e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
12302e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
12312e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12322e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12332e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12342e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
12352e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12362e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12372e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
12382e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12392e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12402e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
12412e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12422e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12432e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
12442e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12452e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12462e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
12472e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12482e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12492e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
12502e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12512e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
12522e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12532e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
12542e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12552e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12562e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
12572e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
12582e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
12592e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
12602e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\system32\crypt32.dll'
12612e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
12622e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
12632e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
12642e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
12652e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
12662e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
12672e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xcc0bafe3d466a600 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate
12682e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
12692e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
12702e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
12712e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
12722e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
12732e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
12742e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
12752e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
12762e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
12772e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
12782e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
12792e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
12802e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
12812e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
12822e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
12832e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
12842e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
12852e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
12862e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
12872e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
12882e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
12892e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
12902e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
12912e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
12922e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
12932e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
12942e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
12952e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
12962e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
12972e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
12982e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
12992e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
13002e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
13012e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
13022e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
13032e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
13042e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
13052e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
13062e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
13072e8c.3184: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=46
13082e8c.3184: SUPR3HardenedMain: Load Runtime...
13092e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
13102e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
13112e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
13122e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
13132e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13142e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
13152e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13162e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
13172e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
13182e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
13192e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
13202e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
13212e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
13222e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13232e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13242e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13252e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
13262e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13272e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13282e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13292e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13302e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
13312e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
13322e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
13332e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
13342e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13352e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13362e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13372e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13382e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13392e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
13402e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
13412e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13422e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
13432e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
13442e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
13452e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13462e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
13472e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13482e8c.3184: supR3HardenedDllNotificationCallback: load 0000000060a20000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
13492e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
13502e8c.3184: supR3HardenedDllNotificationCallback: load 0000000060410000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
13512e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13522e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82d900000 LB 0x0006d000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
13532e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13542e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff801aa0000 LB 0x005e2000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
13552e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13562e8c.3184: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
13572e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
13582e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13592e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13602e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13612e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13622e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13632e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13642e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13652e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13662e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13672e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13682e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13692e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13702e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13712e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13722e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13732e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13742e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13752e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13762e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13772e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13782e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13792e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13802e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13812e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13822e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13832e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13842e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13852e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13862e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13872e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13882e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13892e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13902e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13912e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13922e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13932e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13942e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13952e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13962e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13972e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13982e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13992e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14002e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14012e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
14022e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14032e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14042e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14052e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14062e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14072e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
14082e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14092e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa20000 'C:\Windows\system32\Wintrust.dll'
14102e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
14112e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
14122e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
14132e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
14142e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\system32\crypt32.dll'
14152e8c.3184: SUPR3HardenedMain: Load TrustedMain...
14162e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
14172e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14182e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
14192e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
14202e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
14212e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
14222e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
14232e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
14242e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
14252e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
14262e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
14272e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
14282e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
14292e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
14302e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
14312e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
14322e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
14332e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
14342e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
14352e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
14362e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
14372e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
14382e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
14392e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
14402e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
14412e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
14422e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
14432e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
14442e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14452e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14462e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
14472e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
14482e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
14492e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
14502e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14512e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
14522e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
14532e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14542e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14552e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
14562e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
14572e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
14582e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
14592e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
14602e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
14612e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
14622e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14632e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14642e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14652e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14662e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14672e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
14682e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
14692e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
14702e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
14712e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
14722e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
14732e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
14742e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
14752e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
14762e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
14772e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
14782e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
14792e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
14802e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
14812e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
14822e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
14832e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14842e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14852e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
14862e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
14872e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14882e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
14892e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
14902e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'gdi32.dll'.
14912e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'user32.dll'.
14922e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'.
14932e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
14942e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
14952e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14962e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14972e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
14982e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
14992e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
15002e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15012e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15022e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
15032e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
15042e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
15052e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
15062e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
15072e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15082e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15092e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
15102e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
15112e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
15122e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15132e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15142e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15152e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15162e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15172e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15182e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15192e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
15202e8c.3184: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
15212e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
15222e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
15232e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
15242e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
15252e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
15262e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
15272e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust
15282e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
15292e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
15302e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15312e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15322e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15332e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15342e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15352e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
15362e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
15372e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
15382e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
15392e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
15402e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
15412e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
15422e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
15432e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15442e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15452e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15462e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15472e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15482e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15492e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15502e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
15512e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15522e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
15532e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
15542e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
15552e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
15562e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
15572e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
15582e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
15592e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
15602e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15612e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15622e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15632e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
15642e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
15652e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
15662e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
15672e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15682e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
15692e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15702e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15712e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
15722e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15732e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15742e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15752e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
15762e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15772e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15782e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
15792e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
15802e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
15812e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15822e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15832e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
15842e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
15852e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15862e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15872e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15882e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15892e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15902e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15912e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15922e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15932e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
15942e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15952e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'user32.dll'.
15962e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'gdi32.dll'.
15972e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
15982e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
15992e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16002e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16012e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
16022e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16032e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16042e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
16052e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16062e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16072e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
16082e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16092e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16102e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16112e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16122e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16132e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
16142e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16152e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16162e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16172e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16182e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16192e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
16202e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16212e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16222e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
16232e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16242e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16252e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16262e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16272e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16282e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
16292e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16302e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
16312e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16322e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
16332e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
16342e8c.3184: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
16352e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16362e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16372e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16382e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16392e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16402e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16412e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
16422e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16432e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16442e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16452e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
16462e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
16472e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
16482e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
16492e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
16502e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
16512e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
16522e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
16532e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16542e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16552e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16562e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16572e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16582e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16592e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16602e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16612e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
16622e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16632e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16642e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
16652e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
16662e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
16672e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
16682e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16692e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16702e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
16712e8c.3184: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
16722e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
16732e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16742e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16752e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16762e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16772e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16782e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
16792e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16802e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16812e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16822e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16832e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16842e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
16852e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16862e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16872e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16882e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16892e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16902e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
16912e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16922e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16932e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
16942e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16952e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16962e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
16972e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16982e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16992e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
17002e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17012e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17022e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
17032e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
17042e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17052e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
17062e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
17072e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
17082e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17092e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17102e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
17112e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17122e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17132e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
17142e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17152e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17162e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
17172e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17182e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17192e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17202e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17212e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17222e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
17232e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17242e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17252e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
17262e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17272e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17282e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
17292e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17302e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17312e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
17322e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17332e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17342e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17352e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
17362e8c.3184: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
17372e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17382e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17392e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
17402e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
17412e8c.3184: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
17422e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17432e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17442e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
17452e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
17462e8c.3184: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
17472e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17482e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17492e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17502e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17512e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17522e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
17532e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
17542e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
17552e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
17562e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
17572e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
17582e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
17592e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
17602e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
17612e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
17622e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
17632e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
17642e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
17652e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
17662e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
17672e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17682e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17692e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
17702e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
17712e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a5e5b0
17722e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e5b0
17732e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F9EA7A084F8D34EE062D8C0EF5D96EF865883D56
17742e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
17752e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e5b0
17762e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e5b0
17772e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F9EA7A084F8D34EE062D8C0EF5D96EF865883D56
17782e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
17792e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a5e670
17802e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e670
17812e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=16CA5B2F8C50BEB43A1363150321F2954D05E1AD906C5222E46003C7C61E26DE
17822e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
17832e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e2b0
17842e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e2b0
17852e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=16CA5B2F8C50BEB43A1363150321F2954D05E1AD906C5222E46003C7C61E26DE
17862e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
17872e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
17882e8c.3184: supR3HardenedScreenImage/Imports: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
17892e8c.3184: Error (rc=0):
17902e8c.3184: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17912e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17922e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17932e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17942e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17952e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17962e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17972e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17982e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17992e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18002e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18012e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
18022e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18032e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18042e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
18052e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
18062e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
18072e8c.3184: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
18082e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
18092e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
18102e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
18112e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
18122e8c.3184: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
18132e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18142e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18152e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18162e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18172e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18182e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18192e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18202e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18212e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18222e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18232e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
18242e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
18252e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18262e8c.3184: Error (rc=0):
18272e8c.3184: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x10 fAccess=0xf cHits=3 \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18282e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
18292e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
18302e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a5e5b0
18312e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e5b0
18322e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45FF4C1DBC7AE18A1DA512455F13BC17EA659425
18332e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
18342e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e370
18352e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e370
18362e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45FF4C1DBC7AE18A1DA512455F13BC17EA659425
18372e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
18382e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a5e2b0
18392e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e2b0
18402e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=CA2198DF63DD7B6D9F725D808FE90C3A1A9C3D1C2674BEAC04F00FEB41139EBF
18412e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
18422e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5ed30
18432e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5ed30
18442e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=CA2198DF63DD7B6D9F725D808FE90C3A1A9C3D1C2674BEAC04F00FEB41139EBF
18452e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
18462e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
18472e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
18482e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
18492e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
18502e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll'
18512e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
18522e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
18532e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
18542e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
18552e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
18562e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll'
18572e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
18582e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
18592e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
18602e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
18612e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
18622e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
18632e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
18642e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
18652e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
18662e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll'
18672e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll'
18682e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
18692e8c.3184: Fatal error:
18702e8c.3184: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBoxVM.dll" failed, rc=1790
18712bf0.74c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3953 ms, the end);
18722584.1660: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 4796 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy