VirtualBox

Ticket #20341: VBoxHardening bad.log

File VBoxHardening bad.log, 158.6 KB (added by Thorsten Schöning, 3 years ago)

VBoxHardening bad

Line 
1Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000084 g_uNtVerCombined=0xa0456300
2\SystemRoot\System32\ntdll.dll:
3 CreationTime: 2021-02-20T12:56:25.449195000Z
4 LastWriteTime: 2021-02-20T12:56:25.500922800Z
5 ChangeTime: 2021-04-05T15:31:45.577014900Z
6 FileAttributes: 0x20
7 Size: 0x1e65f8
8 NT Headers: 0xe0
9 Timestamp: 0x6e7b7e33
10 Machine: 0x8664 - amd64
11 Timestamp: 0x6e7b7e33
12 Image Version: 10.0
13 SizeOfImage: 0x1ec000 (2015232)
14 Resource Dir: 0x17c000 LB 0x6ebd0
15 [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16 [Raw version resource data: 0x17c0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17 ProductName: Microsoft® Windows® Operating System
18 ProductVersion: 10.0.17763.1728
19 FileVersion: 10.0.17763.1728 (WinBuild.160101.0800)
20 FileDescription: NT Layer DLL
21\SystemRoot\System32\kernel32.dll:
22 CreationTime: 2019-06-05T06:28:40.808663400Z
23 LastWriteTime: 2019-06-05T06:28:40.825433000Z
24 ChangeTime: 2021-04-05T15:31:45.558065700Z
25 FileAttributes: 0x20
26 Size: 0xb12c0
27 NT Headers: 0xe8
28 Timestamp: 0x250a0626
29 Machine: 0x8664 - amd64
30 Timestamp: 0x250a0626
31 Image Version: 10.0
32 SizeOfImage: 0xb3000 (733184)
33 Resource Dir: 0xb1000 LB 0x520
34 [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35 [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36 ProductName: Microsoft® Windows® Operating System
37 ProductVersion: 10.0.17763.475
38 FileVersion: 10.0.17763.475 (WinBuild.160101.0800)
39 FileDescription: Windows NT BASE API Client DLL
40\SystemRoot\System32\KernelBase.dll:
41 CreationTime: 2021-03-06T10:29:29.930401100Z
42 LastWriteTime: 2021-03-06T10:29:30.019216400Z
43 ChangeTime: 2021-04-05T15:31:45.574022900Z
44 FileAttributes: 0x20
45 Size: 0x294c20
46 NT Headers: 0x100
47 Timestamp: 0xc97af40a
48 Machine: 0x8664 - amd64
49 Timestamp: 0xc97af40a
50 Image Version: 10.0
51 SizeOfImage: 0x294000 (2703360)
52 Resource Dir: 0x270000 LB 0x548
53 [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54 [Raw version resource data: 0x2700b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55 ProductName: Microsoft® Windows® Operating System
56 ProductVersion: 10.0.17763.1790
57 FileVersion: 10.0.17763.1790 (WinBuild.160101.0800)
58 FileDescription: Windows NT BASE API Client DLL
59\SystemRoot\System32\apisetschema.dll:
60 CreationTime: 2021-01-16T14:11:50.964479200Z
61 LastWriteTime: 2021-01-16T14:11:50.982047200Z
62 ChangeTime: 2021-04-05T15:31:46.006862200Z
63 FileAttributes: 0x20
64 Size: 0x1c548
65 NT Headers: 0xd0
66 Timestamp: 0xe6de1494
67 Machine: 0x8664 - amd64
68 Timestamp: 0xe6de1494
69 Image Version: 10.0
70 SizeOfImage: 0x1d000 (118784)
71 Resource Dir: 0x1c000 LB 0x408
72 [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73 [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74 ProductName: Microsoft® Windows® Operating System
75 ProductVersion: 10.0.17763.1637
76 FileVersion: 10.0.17763.1637 (WinBuild.160101.0800)
77 FileDescription: ApiSet Schema DLL
78NtOpenDirectoryObject failed on \Driver: 0xc0000022
79supR3HardenedWinFindAdversaries: 0x0
80supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
81Calling main()
82SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
83supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
84SUPR3HardenedMain: Respawn #1
85System32: \Device\HarddiskVolume4\Windows\System32
86WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
87KnownDllPath: C:\windows\System32
88supR3HardenedWinInit: Performing a limited self purification...
89supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
90 *0000000000000000-00000000006cffff 0x0001/0x0000 0x0000000
91 *00000000006d0000-00000000006dffff 0x0004/0x0004 0x0040000
92 00000000006e0000-00000000006effff 0x0001/0x0000 0x0000000
93 *00000000006f0000-0000000000709fff 0x0002/0x0002 0x0040000
94 000000000070a000-000000000070ffff 0x0001/0x0000 0x0000000
95 *0000000000710000-0000000000713fff 0x0002/0x0002 0x0040000
96 0000000000714000-000000000071ffff 0x0001/0x0000 0x0000000
97 *0000000000720000-0000000000721fff 0x0004/0x0004 0x0020000
98 0000000000722000-000000000072ffff 0x0001/0x0000 0x0000000
99 *0000000000730000-00000000007f4fff 0x0002/0x0002 0x0040000
100 00000000007f5000-00000000007fffff 0x0001/0x0000 0x0000000
101 *0000000000800000-00000000009defff 0x0000/0x0004 0x0020000
102 00000000009df000-00000000009e1fff 0x0004/0x0004 0x0020000
103 00000000009e2000-00000000009fffff 0x0000/0x0004 0x0020000
104 *0000000000a00000-0000000000ab8fff 0x0000/0x0004 0x0020000
105 0000000000ab9000-0000000000abbfff 0x0104/0x0004 0x0020000
106 0000000000abc000-0000000000afffff 0x0004/0x0004 0x0020000
107 *0000000000b00000-0000000000b01fff 0x0004/0x0004 0x0020000
108 0000000000b02000-0000000000b61fff 0x0000/0x0004 0x0020000
109 0000000000b62000-0000000000c1ffff 0x0001/0x0000 0x0000000
110 *0000000000c20000-0000000000c2efff 0x0004/0x0004 0x0020000
111 0000000000c2f000-0000000000c2ffff 0x0000/0x0004 0x0020000
112 0000000000c30000-0000000000caffff 0x0001/0x0000 0x0000000
113 *0000000000cb0000-0000000000cb6fff 0x0004/0x0004 0x0020000
114 0000000000cb7000-0000000000daffff 0x0000/0x0004 0x0020000
115 *0000000000db0000-0000000000db6fff 0x0000/0x0004 0x0020000
116 0000000000db7000-0000000000fa3fff 0x0004/0x0004 0x0020000
117 0000000000fa4000-0000000000fa4fff 0x0000/0x0004 0x0020000
118 0000000000fa5000-0000000000faffff 0x0001/0x0000 0x0000000
119 *0000000000fb0000-0000000000fccfff 0x0004/0x0004 0x0020000
120 0000000000fcd000-00000000010affff 0x0000/0x0004 0x0020000
121 00000000010b0000-000000007ffdffff 0x0001/0x0000 0x0000000
122 *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
123 000000007ffe1000-000000007ffedfff 0x0001/0x0000 0x0000000
124 *000000007ffee000-000000007ffeefff 0x0002/0x0002 0x0020000
125 000000007ffef000-00007ff43e57ffff 0x0001/0x0000 0x0000000
126 *00007ff43e580000-00007ff43e584fff 0x0002/0x0002 0x0040000
127 00007ff43e585000-00007ff43e67ffff 0x0000/0x0002 0x0040000
128 *00007ff43e680000-00007ff53e69ffff 0x0000/0x0004 0x0020000
129 *00007ff53e6a0000-00007ff54069ffff 0x0000/0x0004 0x0020000
130 00007ff5406a0000-00007ff5406a0fff 0x0004/0x0004 0x0020000
131 00007ff5406a1000-00007ff5406affff 0x0001/0x0000 0x0000000
132 *00007ff5406b0000-00007ff5406b0fff 0x0002/0x0002 0x0040000
133 00007ff5406b1000-00007ff5406bffff 0x0001/0x0000 0x0000000
134 *00007ff5406c0000-00007ff5406e2fff 0x0002/0x0002 0x0040000
135 00007ff5406e3000-00007ff6030fffff 0x0001/0x0000 0x0000000
136 *00007ff603100000-00007ff603100fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
137 00007ff603101000-00007ff603177fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
138 00007ff603178000-00007ff603178fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
139 00007ff603179000-00007ff6031c1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
140 00007ff6031c2000-00007ff6031c4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
141 00007ff6031c5000-00007ff6031c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
142 00007ff6031c8000-00007ff6031cafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
143 00007ff6031cb000-00007ff6031cbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
144 00007ff6031cc000-00007ff6031cdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
145 00007ff6031ce000-00007ff6031cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
146 00007ff6031cf000-00007ff603217fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
147 00007ff603218000-00007ffc7697ffff 0x0001/0x0000 0x0000000
148 *00007ffc76980000-00007ffc76980fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
149 00007ffc76981000-00007ffc76a83fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
150 00007ffc76a84000-00007ffc76bdafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
151 00007ffc76bdb000-00007ffc76bdefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
152 00007ffc76bdf000-00007ffc76bdffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
153 00007ffc76be0000-00007ffc76c13fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
154 00007ffc76c14000-00007ffc7834ffff 0x0001/0x0000 0x0000000
155 *00007ffc78350000-00007ffc78350fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
156 00007ffc78351000-00007ffc783c6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
157 00007ffc783c7000-00007ffc783f8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
158 00007ffc783f9000-00007ffc783f9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
159 00007ffc783fa000-00007ffc783fafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
160 00007ffc783fb000-00007ffc78402fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
161 00007ffc78403000-00007ffc799effff 0x0001/0x0000 0x0000000
162 *00007ffc799f0000-00007ffc799f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
163 00007ffc799f1000-00007ffc79b06fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
164 00007ffc79b07000-00007ffc79b4dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
165 00007ffc79b4e000-00007ffc79b4efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
166 00007ffc79b4f000-00007ffc79b50fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
167 00007ffc79b51000-00007ffc79b58fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
168 00007ffc79b59000-00007ffc79bdbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
169 00007ffc79bdc000-00007ffffffeffff 0x0001/0x0000 0x0000000
170kernel32.dll: timestamp 0x250a0626 (rc=VINF_SUCCESS)
171kernelbase.dll: timestamp 0xc97af40a (rc=VINF_SUCCESS)
172VBoxHeadless.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS)
173\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
174'\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
175'\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
176supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
177\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
178'\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
179supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
180supR3HardNtEnableThreadCreationEx:
181supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc79a681a0 pvNtTerminateThread=00007ffc79a90210
182supR3HardenedWinDoReSpawn(1): New child 1938.2ca0 [kernel32].
183supR3HardNtChildGatherData: PebBaseAddress=00000000007e8000 cbPeb=0x388
184supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc799f0000 uNtDllChildAddr=00007ffc799f0000
185supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc79a681a0
186supR3HardenedWinSetupChildInit: Initial context:
187 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff603107740 rdx=00000000007e8000
188 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
189 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
190 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
191 rip=00007ffc79a4a2b0 rsp=00000000008ffd18 rbp=0000000000000000 ctxflags=0010001b
192 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
193 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
194 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
195 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
196 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
197supR3HardenedWinSetupChildInit: Start child.
198supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
199supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 29 sleeps
200supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
201 *0000000000000000-00000000004fffff 0x0001/0x0000 0x0000000
202 *0000000000500000-000000000051ffff 0x0004/0x0004 0x0020000
203 *0000000000520000-0000000000539fff 0x0002/0x0002 0x0040000
204 000000000053a000-000000000053ffff 0x0001/0x0000 0x0000000
205 *0000000000540000-0000000000543fff 0x0002/0x0002 0x0040000
206 0000000000544000-000000000054ffff 0x0001/0x0000 0x0000000
207 *0000000000550000-0000000000551fff 0x0004/0x0004 0x0020000
208 0000000000552000-00000000005fffff 0x0001/0x0000 0x0000000
209 *0000000000600000-00000000007e7fff 0x0000/0x0004 0x0020000
210 00000000007e8000-00000000007eafff 0x0004/0x0004 0x0020000
211 00000000007eb000-00000000007fffff 0x0000/0x0004 0x0020000
212 *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
213 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
214 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
215 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
216 *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
217 000000007ffe1000-000000007ffedfff 0x0001/0x0000 0x0000000
218 *000000007ffee000-000000007ffeefff 0x0002/0x0002 0x0020000
219 000000007ffef000-00007ff53fe6ffff 0x0001/0x0000 0x0000000
220 *00007ff53fe70000-00007ff53fe70fff 0x0002/0x0002 0x0040000
221 00007ff53fe71000-00007ff53fe7ffff 0x0001/0x0000 0x0000000
222 *00007ff53fe80000-00007ff53fea2fff 0x0002/0x0002 0x0040000
223 00007ff53fea3000-00007ff6030fffff 0x0001/0x0000 0x0000000
224 *00007ff603100000-00007ff603100fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
225 00007ff603101000-00007ff603177fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
226 00007ff603178000-00007ff603178fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
227 00007ff603179000-00007ff6031c1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
228 00007ff6031c2000-00007ff6031c2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
229 00007ff6031c3000-00007ff6031c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
230 00007ff6031c4000-00007ff6031c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
231 00007ff6031c9000-00007ff6031c9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
232 00007ff6031ca000-00007ff6031cafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
233 00007ff6031cb000-00007ff6031cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
234 00007ff6031cf000-00007ff603217fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
235 00007ff603218000-00007ffc799effff 0x0001/0x0000 0x0000000
236 *00007ffc799f0000-00007ffc799f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
237 00007ffc799f1000-00007ffc79b06fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
238 00007ffc79b07000-00007ffc79b4dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
239 00007ffc79b4e000-00007ffc79b58fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
240 00007ffc79b59000-00007ffc79b66fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
241 00007ffc79b67000-00007ffc79b67fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
242 00007ffc79b68000-00007ffc79b6afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
243 00007ffc79b6b000-00007ffc79bdbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
244 00007ffc79bdc000-00007ffffffeffff 0x0001/0x0000 0x0000000
245supR3HardNtChildPurify: Done after 264 ms and 0 fixes (loop #0).
246Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0456300
247supR3HardenedVmProcessInit: uNtDllAddr=00007ffc799f0000 g_uNtVerCombined=0xa0456300 (stack ~00000000008ff7a8)
248ntdll.dll: timestamp 0x6e7b7e33 (rc=VINF_SUCCESS)
249New simple heap: #1 0000000000a00000 LB 0x400000 (for 2015232 allocation)
250supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
251System32: \Device\HarddiskVolume4\Windows\System32
252WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
253KnownDllPath: C:\windows\System32
254supR3HardenedVmProcessInit: Opening vboxdrv stub...
255supR3HardNtEnableThreadCreationEx:
256supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
257supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
258Registered Dll notification callback with NTDLL.
259supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
260supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
261supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
262supR3HardenedDllNotificationCallback: load 00007ffc76980000 LB 0x00294000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
263supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
264supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
265supR3HardenedDllNotificationCallback: load 00007ffc78350000 LB 0x000b3000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
266supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
267supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78350000 'C:\windows\System32\KERNEL32.DLL'
268supR3HardenedDllNotificationCallback: load 00007ff603100000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
269\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
270'\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
271supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
272supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
273supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc79a681a0 pvNtTerminateThread=00007ffc79a90210
274supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 93 ms.
275\SystemRoot\System32\ntdll.dll:
276 CreationTime: 2021-02-20T12:56:25.449195000Z
277 LastWriteTime: 2021-02-20T12:56:25.500922800Z
278 ChangeTime: 2021-04-05T15:31:45.577014900Z
279 FileAttributes: 0x20
280 Size: 0x1e65f8
281 NT Headers: 0xe0
282 Timestamp: 0x6e7b7e33
283 Machine: 0x8664 - amd64
284 Timestamp: 0x6e7b7e33
285 Image Version: 10.0
286 SizeOfImage: 0x1ec000 (2015232)
287 Resource Dir: 0x17c000 LB 0x6ebd0
288 [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
289 [Raw version resource data: 0x17c0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
290 ProductName: Microsoft® Windows® Operating System
291 ProductVersion: 10.0.17763.1728
292 FileVersion: 10.0.17763.1728 (WinBuild.160101.0800)
293 FileDescription: NT Layer DLL
294\SystemRoot\System32\kernel32.dll:
295 CreationTime: 2019-06-05T06:28:40.808663400Z
296 LastWriteTime: 2019-06-05T06:28:40.825433000Z
297 ChangeTime: 2021-04-05T15:31:45.558065700Z
298 FileAttributes: 0x20
299 Size: 0xb12c0
300 NT Headers: 0xe8
301 Timestamp: 0x250a0626
302 Machine: 0x8664 - amd64
303 Timestamp: 0x250a0626
304 Image Version: 10.0
305 SizeOfImage: 0xb3000 (733184)
306 Resource Dir: 0xb1000 LB 0x520
307 [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
308 [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
309 ProductName: Microsoft® Windows® Operating System
310 ProductVersion: 10.0.17763.475
311 FileVersion: 10.0.17763.475 (WinBuild.160101.0800)
312 FileDescription: Windows NT BASE API Client DLL
313\SystemRoot\System32\KernelBase.dll:
314 CreationTime: 2021-03-06T10:29:29.930401100Z
315 LastWriteTime: 2021-03-06T10:29:30.019216400Z
316 ChangeTime: 2021-04-05T15:31:45.574022900Z
317 FileAttributes: 0x20
318 Size: 0x294c20
319 NT Headers: 0x100
320 Timestamp: 0xc97af40a
321 Machine: 0x8664 - amd64
322 Timestamp: 0xc97af40a
323 Image Version: 10.0
324 SizeOfImage: 0x294000 (2703360)
325 Resource Dir: 0x270000 LB 0x548
326 [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
327 [Raw version resource data: 0x2700b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
328 ProductName: Microsoft® Windows® Operating System
329 ProductVersion: 10.0.17763.1790
330 FileVersion: 10.0.17763.1790 (WinBuild.160101.0800)
331 FileDescription: Windows NT BASE API Client DLL
332\SystemRoot\System32\apisetschema.dll:
333 CreationTime: 2021-01-16T14:11:50.964479200Z
334 LastWriteTime: 2021-01-16T14:11:50.982047200Z
335 ChangeTime: 2021-04-05T15:31:46.006862200Z
336 FileAttributes: 0x20
337 Size: 0x1c548
338 NT Headers: 0xd0
339 Timestamp: 0xe6de1494
340 Machine: 0x8664 - amd64
341 Timestamp: 0xe6de1494
342 Image Version: 10.0
343 SizeOfImage: 0x1d000 (118784)
344 Resource Dir: 0x1c000 LB 0x408
345 [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
346 [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
347 ProductName: Microsoft® Windows® Operating System
348 ProductVersion: 10.0.17763.1637
349 FileVersion: 10.0.17763.1637 (WinBuild.160101.0800)
350 FileDescription: ApiSet Schema DLL
351NtOpenDirectoryObject failed on \Driver: 0xc0000022
352supR3HardenedWinFindAdversaries: 0x0
353supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
354Calling main()
355SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
356supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
357\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
358'\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
359supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
360SUPR3HardenedMain: Respawn #2
361supR3HardNtEnableThreadCreationEx:
362supR3HardenedDllNotificationCallback: load 00007ffc77400000 LB 0x00120000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
363supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
364supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
365supR3HardenedDllNotificationCallback: load 00007ffc76c20000 LB 0x0009f000 C:\windows\System32\sechost.dll [fFlags=0x0]
366supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
367supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
368supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
369'\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
370supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
371supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
372supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
373supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
374supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
375supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
376supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc799f0000 'C:\windows\System32\ntdll.dll'
377supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc79a681a0 pvNtTerminateThread=00007ffc79a90210
378supR3HardenedWinDoReSpawn(2): New child 2798.36d4 [kernel32].
379supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
380supR3HardNtChildGatherData: PebBaseAddress=0000000001152000 cbPeb=0x388
381supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc799f0000 uNtDllChildAddr=00007ffc799f0000
382supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc79a681a0
383supR3HardenedWinSetupChildInit: Initial context:
384 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff603107740 rdx=0000000001152000
385 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
386 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
387 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
388 rip=00007ffc79a4a2b0 rsp=00000000012ffc38 rbp=0000000000000000 ctxflags=0010001b
389 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
390 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
391 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
392 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
393 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
394kernel32.dll: timestamp 0x250a0626 (rc=VINF_SUCCESS)
395supR3HardenedWinSetupChildInit: Start child.
396supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
397supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 29 sleeps
398supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
399 *0000000000000000-0000000000eeffff 0x0001/0x0000 0x0000000
400 *0000000000ef0000-0000000000f0ffff 0x0004/0x0004 0x0020000
401 *0000000000f10000-0000000000f29fff 0x0002/0x0002 0x0040000
402 0000000000f2a000-0000000000f2ffff 0x0001/0x0000 0x0000000
403 *0000000000f30000-0000000000f33fff 0x0002/0x0002 0x0040000
404 0000000000f34000-0000000000f3ffff 0x0001/0x0000 0x0000000
405 *0000000000f40000-0000000000f41fff 0x0004/0x0004 0x0020000
406 0000000000f42000-0000000000ffffff 0x0001/0x0000 0x0000000
407 *0000000001000000-0000000001151fff 0x0000/0x0004 0x0020000
408 0000000001152000-0000000001154fff 0x0004/0x0004 0x0020000
409 0000000001155000-00000000011fffff 0x0000/0x0004 0x0020000
410 *0000000001200000-00000000012fafff 0x0000/0x0004 0x0020000
411 00000000012fb000-00000000012fdfff 0x0104/0x0004 0x0020000
412 00000000012fe000-00000000012fffff 0x0004/0x0004 0x0020000
413 0000000001300000-000000007ffdffff 0x0001/0x0000 0x0000000
414 *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
415 000000007ffe1000-000000007ffedfff 0x0001/0x0000 0x0000000
416 *000000007ffee000-000000007ffeefff 0x0002/0x0002 0x0020000
417 000000007ffef000-00007ff5d919ffff 0x0001/0x0000 0x0000000
418 *00007ff5d91a0000-00007ff5d91a0fff 0x0002/0x0002 0x0040000
419 00007ff5d91a1000-00007ff5d91affff 0x0001/0x0000 0x0000000
420 *00007ff5d91b0000-00007ff5d91d2fff 0x0002/0x0002 0x0040000
421 00007ff5d91d3000-00007ff6030fffff 0x0001/0x0000 0x0000000
422 *00007ff603100000-00007ff603100fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
423 00007ff603101000-00007ff603177fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
424 00007ff603178000-00007ff603178fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
425 00007ff603179000-00007ff6031c1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
426 00007ff6031c2000-00007ff6031c2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
427 00007ff6031c3000-00007ff6031c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
428 00007ff6031c4000-00007ff6031c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
429 00007ff6031c9000-00007ff6031c9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
430 00007ff6031ca000-00007ff6031cafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
431 00007ff6031cb000-00007ff6031cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
432 00007ff6031cf000-00007ff603217fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
433 00007ff603218000-00007ffc799effff 0x0001/0x0000 0x0000000
434 *00007ffc799f0000-00007ffc799f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
435 00007ffc799f1000-00007ffc79b06fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
436 00007ffc79b07000-00007ffc79b4dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
437 00007ffc79b4e000-00007ffc79b58fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
438 00007ffc79b59000-00007ffc79b66fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
439 00007ffc79b67000-00007ffc79b67fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
440 00007ffc79b68000-00007ffc79b6afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
441 00007ffc79b6b000-00007ffc79bdbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
442 00007ffc79bdc000-00007ffffffeffff 0x0001/0x0000 0x0000000
443VBoxHeadless.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS)
444\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
445'\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
446'\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
447supR3HardNtChildPurify: Done after 300 ms and 0 fixes (loop #0).
448Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0456300
449supR3HardenedVmProcessInit: uNtDllAddr=00007ffc799f0000 g_uNtVerCombined=0xa0456300 (stack ~00000000012ff6c8)
450ntdll.dll: timestamp 0x6e7b7e33 (rc=VINF_SUCCESS)
451New simple heap: #1 0000000001400000 LB 0x400000 (for 2015232 allocation)
452supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
453supR3HardNtEnableThreadCreationEx:
454supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
455System32: \Device\HarddiskVolume4\Windows\System32
456WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
457KnownDllPath: C:\windows\System32
458supR3HardenedVmProcessInit: Opening vboxdrv...
459supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
460supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
461Registered Dll notification callback with NTDLL.
462supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
463supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
464supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
465supR3HardenedDllNotificationCallback: load 00007ffc76980000 LB 0x00294000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
466supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
467supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
468supR3HardenedDllNotificationCallback: load 00007ffc78350000 LB 0x000b3000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
469supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
470supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78350000 'C:\windows\System32\KERNEL32.DLL'
471supR3HardenedDllNotificationCallback: load 00007ff603100000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
472\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
473'\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
474supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
475supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
476supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc79a681a0 pvNtTerminateThread=00007ffc79a90210
477supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 107 ms.
478\SystemRoot\System32\ntdll.dll:
479 CreationTime: 2021-02-20T12:56:25.449195000Z
480 LastWriteTime: 2021-02-20T12:56:25.500922800Z
481 ChangeTime: 2021-04-05T15:31:45.577014900Z
482 FileAttributes: 0x20
483 Size: 0x1e65f8
484 NT Headers: 0xe0
485 Timestamp: 0x6e7b7e33
486 Machine: 0x8664 - amd64
487 Timestamp: 0x6e7b7e33
488 Image Version: 10.0
489 SizeOfImage: 0x1ec000 (2015232)
490 Resource Dir: 0x17c000 LB 0x6ebd0
491 [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
492 [Raw version resource data: 0x17c0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
493 ProductName: Microsoft® Windows® Operating System
494 ProductVersion: 10.0.17763.1728
495 FileVersion: 10.0.17763.1728 (WinBuild.160101.0800)
496 FileDescription: NT Layer DLL
497\SystemRoot\System32\kernel32.dll:
498 CreationTime: 2019-06-05T06:28:40.808663400Z
499 LastWriteTime: 2019-06-05T06:28:40.825433000Z
500 ChangeTime: 2021-04-05T15:31:45.558065700Z
501 FileAttributes: 0x20
502 Size: 0xb12c0
503 NT Headers: 0xe8
504 Timestamp: 0x250a0626
505 Machine: 0x8664 - amd64
506 Timestamp: 0x250a0626
507 Image Version: 10.0
508 SizeOfImage: 0xb3000 (733184)
509 Resource Dir: 0xb1000 LB 0x520
510 [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
511 [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
512 ProductName: Microsoft® Windows® Operating System
513 ProductVersion: 10.0.17763.475
514 FileVersion: 10.0.17763.475 (WinBuild.160101.0800)
515 FileDescription: Windows NT BASE API Client DLL
516\SystemRoot\System32\KernelBase.dll:
517 CreationTime: 2021-03-06T10:29:29.930401100Z
518 LastWriteTime: 2021-03-06T10:29:30.019216400Z
519 ChangeTime: 2021-04-05T15:31:45.574022900Z
520 FileAttributes: 0x20
521 Size: 0x294c20
522 NT Headers: 0x100
523 Timestamp: 0xc97af40a
524 Machine: 0x8664 - amd64
525 Timestamp: 0xc97af40a
526 Image Version: 10.0
527 SizeOfImage: 0x294000 (2703360)
528 Resource Dir: 0x270000 LB 0x548
529 [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
530 [Raw version resource data: 0x2700b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
531 ProductName: Microsoft® Windows® Operating System
532 ProductVersion: 10.0.17763.1790
533 FileVersion: 10.0.17763.1790 (WinBuild.160101.0800)
534 FileDescription: Windows NT BASE API Client DLL
535\SystemRoot\System32\apisetschema.dll:
536 CreationTime: 2021-01-16T14:11:50.964479200Z
537 LastWriteTime: 2021-01-16T14:11:50.982047200Z
538 ChangeTime: 2021-04-05T15:31:46.006862200Z
539 FileAttributes: 0x20
540 Size: 0x1c548
541 NT Headers: 0xd0
542 Timestamp: 0xe6de1494
543 Machine: 0x8664 - amd64
544 Timestamp: 0xe6de1494
545 Image Version: 10.0
546 SizeOfImage: 0x1d000 (118784)
547 Resource Dir: 0x1c000 LB 0x408
548 [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
549 [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
550 ProductName: Microsoft® Windows® Operating System
551 ProductVersion: 10.0.17763.1637
552 FileVersion: 10.0.17763.1637 (WinBuild.160101.0800)
553 FileDescription: ApiSet Schema DLL
554NtOpenDirectoryObject failed on \Driver: 0xc0000022
555supR3HardenedWinFindAdversaries: 0x0
556supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
557Calling main()
558SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
559supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
560\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
561'\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
562supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
563SUPR3HardenedMain: Final process, opening VBoxDrv...
564supR3HardenedEarlyCompact: Removed heap 1 (0x00000001400000 LB 0x400000)
565supR3HardNtEnableThreadCreationEx:
566\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
567supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
568supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
569supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
570supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
571supR3HardenedDllNotificationCallback: load 00007ffc4c490000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
572supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
573supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
574supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
575supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4c490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
576supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
577supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
578supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4c490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
579supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4c490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
580supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
581supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
582supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
583supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
584supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
585supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
586supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
587supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
588supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
589supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
590supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
591supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
592supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
593supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
594supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
595supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
596supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
597supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
598supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
599supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
600supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
601supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
602supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
603supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
604supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
605supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
606supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
607supR3HardenedDllNotificationCallback: load 00007ffc782b0000 LB 0x0009e000 C:\windows\System32\msvcrt.dll [fFlags=0x0]
608supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
609supR3HardenedDllNotificationCallback: load 00007ffc75a60000 LB 0x00012000 C:\windows\System32\MSASN1.dll [fFlags=0x0]
610supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
611supR3HardenedDllNotificationCallback: load 00007ffc75c50000 LB 0x000fa000 C:\windows\System32\ucrtbase.dll [fFlags=0x0]
612supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
613supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
614supR3HardenedDllNotificationCallback: load 00007ffc764f0000 LB 0x001e3000 C:\windows\System32\CRYPT32.dll [fFlags=0x0]
615supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
616supR3HardenedDllNotificationCallback: load 00007ffc77400000 LB 0x00120000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
617supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
618supR3HardenedDllNotificationCallback: load 00007ffc76780000 LB 0x00059000 C:\windows\System32\Wintrust.dll [fFlags=0x0]
619supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
620supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
621supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
622supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76980000 'api-ms-win-core-synch-l1-2-0'
623supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
624supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
625supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76980000 'api-ms-win-core-fibers-l1-1-1'
626supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
627supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
628supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76980000 'api-ms-win-core-fibers-l1-1-1'
629supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
630supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
631supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76980000 'api-ms-win-core-synch-l1-2-0'
632supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
633supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
634supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76980000 'api-ms-win-core-localization-l1-2-1'
635supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76780000 'C:\windows\system32\Wintrust.dll'
636supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
637supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
638supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
639supR3HardenedDllNotificationCallback: load 00007ffc75c20000 LB 0x00026000 C:\windows\System32\bcrypt.dll [fFlags=0x0]
640supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
641supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75c20000 'C:\windows\system32\bcrypt.dll'
642bcrypt.dll loaded at 00007ffc75c20000, BCryptOpenAlgorithmProvider at 00007ffc75c24d60, preloading providers:
643supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
644supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
645supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
646supR3HardenedDllNotificationCallback: load 00007ffc76700000 LB 0x0007f000 C:\windows\System32\bcryptprimitives.dll [fFlags=0x0]
647supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
648supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76700000 'C:\windows\system32\bcryptprimitives.dll'
649 BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001919c70)
650 BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000191ea20)
651 BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000191f530)
652 BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000191f830)
653 BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000191fb30)
654 BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000191fe30)
655 BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001920130)
656 BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001920840)
657supR3HardenedDllNotificationCallback: load 00007ffc75ab0000 LB 0x00017000 C:\windows\System32\CRYPTSP.dll [fFlags=0x0]
658supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
659supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
660supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
661supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
662supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
663supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
664supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
665supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
666supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
667supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
668supR3HardenedDllNotificationCallback: load 00007ffc74d20000 LB 0x00033000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
669supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
670supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
671supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
672supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
673supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
674supR3HardenedDllNotificationCallback: load 00007ffc753e0000 LB 0x0000c000 C:\windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
675supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
676supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
677supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
678supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
679supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
680supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
681supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78350000 'C:\windows\System32\kernel32.dll'
682supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
683supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
684supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76780000 'C:\windows\System32\WINTRUST.DLL'
685supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
686supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
687supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\CRYPT32.dll'
688supR3HardenedDllNotificationCallback: load 00007ffc76e50000 LB 0x0001d000 C:\windows\System32\imagehlp.dll [fFlags=0x0]
689supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
690supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
691supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
692supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
693supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
694supR3HardenedDllNotificationCallback: load 00007ffc76c20000 LB 0x0009f000 C:\windows\System32\sechost.dll [fFlags=0x0]
695supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
696supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
697supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
698supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
699supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
700supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
701supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
702supR3HardenedDllNotificationCallback: load 00007ffc73a80000 LB 0x00022000 C:\windows\SYSTEM32\gpapi.dll [fFlags=0x0]
703supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
704supR3HardenedDllNotificationCallback: load 00007ffc75a80000 LB 0x00024000 C:\windows\System32\profapi.dll [fFlags=0x0]
705supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
706supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
707supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
708supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
709supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
710supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
711supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
712supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
713supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
714supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
715supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
716supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
717supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
718supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
719supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
720supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
721supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
722supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
723supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
724supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
725supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
726supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
727supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
728supR3HardenedDllNotificationCallback: load 00007ffc65390000 LB 0x0002f000 C:\windows\System32\cryptnet.dll [fFlags=0x0]
729supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
730supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
731supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
732supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
733supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
734supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
735supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
736supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
737supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
738supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
739supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
740supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
741supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
742supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
743supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
744supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
745supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
746supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
747supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
748supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
749supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
750supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
751supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
752supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
753supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
754supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
755supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
756supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
757supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
758supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\windows\System32\cryptnet.dll'
759supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
760supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc65390000 'C:\Windows\System32\cryptnet.dll'
761supR3HardenedDllNotificationCallback: load 00007ffc77520000 LB 0x000a3000 C:\windows\System32\advapi32.dll [fFlags=0x0]
762supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
763supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
764supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
765supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
766supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
767supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
768supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
769supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
770supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
771supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
772supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
773supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
774supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
775supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
776supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
777supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
778supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
779supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
780supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
781supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
782supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
783supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000019ef030
784supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019ef030
785supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C5B1061F375FB061C3A40778CD0ECB928D36CA3A
786supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
787supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
788supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc77400000 'C:\windows\System32\rpcrt4.dll'
789supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)
790supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000019ef3f0
791supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019ef3f0
792supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=A48DB79F948C22991FCCC59CF614AB0528A4905511571E97E0E8186D739C4185
793supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)
794g_pfnWinVerifyTrust=00007ffc76782290
795supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
796supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
797supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
798supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
799supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
800supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
801supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
802supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
803supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
804supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
805supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
806supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
807supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
808supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
809supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
810supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
811supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
812supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
813supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
814supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
815supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
816supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
817supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
818supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
819supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000019ef030
820supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019ef030
821supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A71FAF93E7F6555CF5752D6A603A870E378E49E6
822supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1062; iCat=0x0)
823supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000019eeeb0
824supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019eeeb0
825supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A71FAF93E7F6555CF5752D6A603A870E378E49E6
826supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)
827supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000019ef3f0
828supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019ef3f0
829supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=94A646B11F6AB0A5169AF0ED46737E8E6ED30FA366AFD0C9B52535169D41D53C
830supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1062; iCat=0x0)
831supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000019ef270
832supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019ef270
833supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=94A646B11F6AB0A5169AF0ED46737E8E6ED30FA366AFD0C9B52535169D41D53C
834supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)
835supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
836supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
837supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
838supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
839supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
840supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
841supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
842supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
843supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
844supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
845supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
846supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
847supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
848supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
849supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
850supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
851supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
852supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
853supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
854supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
855supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
856supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
857supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
858supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
859supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
860supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
861supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
862supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
863supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
864supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
865supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
866supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
867supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
868supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
869supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
870supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
871supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
872supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
873supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
874supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
875supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
876supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
877supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
878supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
879supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
880supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
881supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
882supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
883supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
884supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
885supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
886supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
887supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
888supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
889supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
890supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
891supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
892supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
893supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
894supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
895supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
896supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
897supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\system32\crypt32.dll'
898supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
899supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA
900supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
901supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
902supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
903supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
904supR3HardenedWinIsDesiredRootCA: Adding 0x3a0ca5d5e5b7a700 DC=de, DC=winworker, DC=goch, CN=Sander + Partner GmbH
905supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
906supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
907supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA - G2
908supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
909supR3HardenedWinIsDesiredRootCA: Adding 0x169ec2748f93b500 C=DE, ST=NRW, L=Goch, O=Sander und Partner GmbH, OU=Sander und Partner GmbH ReST API CA, CN=Sander und Partner GmbH ReST API CA, Email=winworkerrestapi@winworker.de
910supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
911supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
912supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
913supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
914supR3HardenedWinIsDesiredRootCA: Adding 0x37712e96aab9c400 C=DE, ST=NRW, L=Goch, O=SP, OU=WinWorker CA, CN=WinWorker CA
915supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
916supR3HardenedWinIsDesiredRootCA: Adding 0xec7d46e2c022ce00 O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority, Email=support@cacert.org
917supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
918supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
919supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
920supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
921supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
922supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
923supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
924supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
925supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
926supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
927supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
928supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
929supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
930supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
931supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
932supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
933supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
934supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
935supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
936supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
937supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
938supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
939supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
940supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
941supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
942supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
943supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
944supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
945supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
946supR3HardenedWinRetrieveTrustedRootCAs: cAdded=43
947SUPR3HardenedMain: Load Runtime...
948\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
949supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
950supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
951supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
952supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
953supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
954supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
955supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
956supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
957supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
958supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
959supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
960supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
961supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
962supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
963supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
964supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
965supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
966supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
967supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
968\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
969supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
970supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
971supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
972supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
973supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
974supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
975supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
976supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
977supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
978\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
979supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
980supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
981\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
982Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
983supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
984supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
985supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
986supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
987supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
988supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
989supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
990supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
991supR3HardenedDllNotificationCallback: load 000000006ac90000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
992supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
993supR3HardenedDllNotificationCallback: load 000000006abf0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
994supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
995supR3HardenedDllNotificationCallback: load 00007ffc77930000 LB 0x0006d000 C:\windows\System32\WS2_32.dll [fFlags=0x0]
996supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
997supR3HardenedDllNotificationCallback: load 00007ffc16320000 LB 0x005e1000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
998supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
999Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1000supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1001supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1002supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1003supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1004Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1005supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1006Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1007supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1008supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1009supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1010supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1011Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1012supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1013Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1014supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1015supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1016supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1017supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1018Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1019supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1020Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1021supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1022supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1023supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1024supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1025Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1026supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1027Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1028supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1029supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1030supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1031supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1032Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1033supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1034Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1035supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1036supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1037supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1038supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1039Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1040supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1041Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1042supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1043supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1044Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1045supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1046Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1047supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1048supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1049Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1050supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1051Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1052supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1053supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1054Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1055supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1056Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1057supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1058supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1059Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1060supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1061Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1062supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1063supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1064Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1065supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1066Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1067supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1068supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1069Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1070supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1071Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1072supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1073supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1074Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1075supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1076Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1077supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1078supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1079supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1080supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1081Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1082supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1083Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1084supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1085supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1086Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1087supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1088Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1089supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1090supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1091Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1092supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1093Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1094supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1095supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1096Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1097supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1098Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1099supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1100supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1101Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1102supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1103Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1104supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1105supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1106Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1107supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1108Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1109supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1110supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1111Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1112supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1113Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1114supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1115supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1116Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1117supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1118Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1119supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1120supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1121Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1122supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1123Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1124supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1125supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1126Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1127supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1128Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1129supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1130supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1131Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1132supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1133Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1134supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1135supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1136Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1137supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1138Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1139supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1140supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1141Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1142supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1143Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1144supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1145supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1146Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1147supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1148Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1149supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1150supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1151Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1152supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1153Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1154supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1155supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1156Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1157supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1158Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1159supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1160supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1161supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1162supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1163Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1164supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1165Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1166supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1167supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1168Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1169supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1170Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1171supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1172supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1173Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1174supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1175supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16320000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1176supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1177supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
1178supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
1179supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1180supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76780000 'C:\windows\system32\Wintrust.dll'
1181supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1182supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1183supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\system32\crypt32.dll'
1184SUPR3HardenedMain: Load TrustedMain...
1185\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll: Signature #1/2: info status: 24202
1186supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1187supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1188supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1189supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1190supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
1191supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1192supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1193supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1194supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
1195supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
1196supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1197supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1198supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
1199supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1200supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1201supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1202supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1203supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1204supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
1205supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
1206supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1207supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1208supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
1209supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1210supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1211supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1212supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1213supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1214supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1215supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1216supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1217supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1218Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
1219supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
1220supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1221supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1222supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1223Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1224'\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
1225supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
1226supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
1227supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1228supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1229supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1230supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1231supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1232supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
1233supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1234supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1235supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1236supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1237supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1238supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1239supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1240Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1241supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1242supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'bcryptprimitives.dll'.
1243supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
1244supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
1245supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1246supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1247Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1248supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
1249supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
1250supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1251supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1252supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
1253supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1254supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1255supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1256supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1257supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
1258supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'gdi32.dll'.
1259supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'user32.dll'.
1260supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'.
1261supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
1262supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
1263supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1264supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1265supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1266supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1267supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1268supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
1269supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1270supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1271supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
1272supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1273supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1274supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1275supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1276supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1277supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1278supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1279supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
1280supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1281supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1282supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
1283supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1284supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1285supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1286supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
1287supR3HardenedDllNotificationCallback: load 00007ffc76ea0000 LB 0x0032e000 C:\windows\System32\combase.dll [fFlags=0x0]
1288supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
1289supR3HardenedDllNotificationCallback: load 00007ffc75ad0000 LB 0x000a0000 C:\windows\System32\msvcp_win.dll [fFlags=0x0]
1290supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1291supR3HardenedDllNotificationCallback: load 00007ffc766e0000 LB 0x00020000 C:\windows\System32\win32u.dll [fFlags=0x0]
1292supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1293supR3HardenedDllNotificationCallback: load 00007ffc77690000 LB 0x00197000 C:\windows\System32\USER32.dll [fFlags=0x0]
1294supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1295supR3HardenedDllNotificationCallback: load 00007ffc767e0000 LB 0x0019c000 C:\windows\System32\gdi32full.dll [fFlags=0x0]
1296supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1297supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1298supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1299supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1300supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
1301supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
1302supR3HardenedDllNotificationCallback: load 00007ffc77830000 LB 0x00029000 C:\windows\System32\GDI32.dll [fFlags=0x0]
1303supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1304supR3HardenedDllNotificationCallback: load 00007ffc772a0000 LB 0x00156000 C:\windows\System32\ole32.dll [fFlags=0x0]
1305supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1306supR3HardenedDllNotificationCallback: load 00007ffc77860000 LB 0x000c4000 C:\windows\System32\OLEAUT32.dll [fFlags=0x0]
1307supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1308supR3HardenedDllNotificationCallback: load 00007ffc25080000 LB 0x00052000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
1309supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
1310Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1311supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
1312Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1313supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
1314Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1315supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
1316supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1317supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1318supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1319supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1320Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1321supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
1322supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1323supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1324supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1325supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1326supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1327supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1328supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1329supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1330supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1331Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1332supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
1333supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1334supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78350000 'C:\windows\System32\kernel32.dll'
1335Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1336supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
1337Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1338supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
1339Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1340supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
1341Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1342supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
1343Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1344supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
1345Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1346supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
1347supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1348supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1349supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76980000 'api-ms-win-core-string-l1-1-0'
1350Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1351supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
1352Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1353supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
1354Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1355supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
1356Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1357supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
1358Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1359supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
1360Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1361supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
1362supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1363supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1364supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76980000 'api-ms-win-core-datetime-l1-1-1'
1365Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1366supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
1367Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1368supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
1369Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1370supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
1371Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1372supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
1373Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1374supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
1375Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1376supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
1377supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1378supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1379supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76980000 'api-ms-win-core-localization-obsolete-l1-2-0'
1380Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1381supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
1382Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1383supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
1384Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1385supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
1386supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25080000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
1387supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1388supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1389supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
1390supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1391supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1392supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
1393supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1394supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1395supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
1396SUPR3HardenedMain: Calling TrustedMain (00007ffc25082ae0)...
1397supR3HardenedDllNotificationCallback: load 00007ffc759e0000 LB 0x00011000 C:\windows\System32\kernel.appcore.dll [fFlags=0x0]
1398supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1399supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1400supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
1401supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
1402supR3HardenedDllNotificationCallback: load 00007ffc79910000 LB 0x000a2000 C:\windows\System32\clbcatq.dll [fFlags=0x0]
1403supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1404supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
1405supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
1406supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
1407supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1408supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1409supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1410supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1411supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1412supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1413supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1414supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1415supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1416supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1417supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1418supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1419supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
1420supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1421supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1422supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
1423\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
1424supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1425supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1426supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1427supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1428supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1429supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1430supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1431supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
1432supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1433supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1434supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1435supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1436supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1437supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1438supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1439supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1440supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1441supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1442supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1443supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1444supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1445supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1446supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1447supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1448supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1449supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1450supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1451supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1452supR3HardenedDllNotificationCallback: load 00007ffc15f60000 LB 0x003c0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1453supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1454supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15f60000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1455\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
1456supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1457supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1458supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1459supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1460supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
1461supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1462supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1463supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1464supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
1465supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1466supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1467supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1468supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1469supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1470supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1471supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1472supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1473supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1474supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1475supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1476supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1477supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc764f0000 'C:\windows\System32\crypt32.dll'
1478supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1479supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
1480supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
1481supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll) WinVerifyTrust
1482supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
1483supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1484supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1485supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1486supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1487supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1488supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1489supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1490supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1491supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1492supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1493supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1494supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1495supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1496supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1497supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1498supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1499supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1500supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1501supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1502supR3HardenedDllNotificationCallback: load 00007ffc77240000 LB 0x00052000 C:\windows\System32\SHLWAPI.dll [fFlags=0x0]
1503supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
1504supR3HardenedDllNotificationCallback: load 00007ffc2aa90000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
1505supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1506supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2aa90000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
1507supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1508supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1509supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc77860000 'C:\Windows\System32\oleaut32.dll'
1510supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1511supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1512supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc772a0000 'C:\windows\System32\ole32.dll'
1513supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1514supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1515supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc77860000 'C:\windows\System32\OLEAUT32.dll'
1516supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000568 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
1517supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000019eeeb0
1518supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019eeeb0
1519supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61B08AF50BF6163BDE34EB0C9B6605297BA2441A
1520supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1062; iCat=0x0)
1521supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000019efab0
1522supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019efab0
1523supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61B08AF50BF6163BDE34EB0C9B6605297BA2441A
1524supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)
1525supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000019ef270
1526supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019ef270
1527supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=A8911486FE821A772FB5E353E72AF2420666FCABEE46A1961D748C10EE875AB0
1528supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1062; iCat=0x0)
1529supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000019eef70
1530supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019eef70
1531supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=A8911486FE821A772FB5E353E72AF2420666FCABEE46A1961D748C10EE875AB0
1532supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)
1533supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1534supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
1535Error (rc=0):
1536supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll: Not signed.
1537supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
1538Error (rc=0):
1539supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\windows\system32\wbem\wbemprox.dll' (C:\windows\system32\wbem\wbemprox.dll): rcNt=0xc0000190
1540supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\windows\system32\wbem\wbemprox.dll'
1541supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
1542Error (rc=0):
1543supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
1544Error (rc=0):
1545supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\windows\system32\wbem\wbemprox.dll' (C:\windows\system32\wbem\wbemprox.dll): rcNt=0xc0000190
1546supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\windows\system32\wbem\wbemprox.dll'
1547supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1548supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1549supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc77520000 'C:\windows\System32\ADVAPI32.dll'
1550\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
1551supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1552supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1553supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1554supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
1555supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1556supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1557supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1558supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1559supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1560supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1561supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1562supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1563supR3HardenedDllNotificationCallback: load 00007ffc15be0000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
1564supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1565supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15be0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
1566supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74d20000 'C:\windows\system32\rsaenh.dll'
1567supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000808 pwszName=\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
1568supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000019efab0
1569supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019efab0
1570supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=592E7D18568150098B2F131AD72F2156D1CA3A58
1571supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1062; iCat=0x0)
1572supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000019ef030
1573supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019ef030
1574supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=592E7D18568150098B2F131AD72F2156D1CA3A58
1575supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)
1576supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000019eef70
1577supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019eef70
1578supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=668C2310EFB19B6732352E1B4C6B047E3037FC14D9878DA0CC690CFA6D37CE20
1579supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1062; iCat=0x0)
1580supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000019efab0
1581supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019efab0
1582supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=668C2310EFB19B6732352E1B4C6B047E3037FC14D9878DA0CC690CFA6D37CE20
1583supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)
1584supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1585supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll) WinVerifyTrust
1586Error (rc=0):
1587supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll: Not signed.
1588supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
1589Error (rc=0):
1590supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\System32\NetSetupShim.dll' (C:\Windows\System32\NetSetupShim.dll): rcNt=0xc0000190
1591supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\System32\NetSetupShim.dll'
1592supR3HardenedDllNotificationCallback: Unload 00007ffc2aa90000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
1593supR3HardenedDllNotificationCallback: Unload 00007ffc77240000 LB 0x00052000 C:\windows\System32\SHLWAPI.dll [flags=0x0]
1594supR3HardenedDllNotificationCallback: Unload 00007ffc15f60000 LB 0x003c0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
1595Terminating the normal way: rcExit=0
1596supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1448 ms, the end);
1597supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1921 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy