VirtualBox

Ticket #20384: VBoxHardening.log

File VBoxHardening.log, 199.1 KB (added by aj123456, 3 years ago)

VBoxHardening.log

Line 
134c4.2d90: Log file opened: 6.1.22r144080 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6200
234c4.2d90: \SystemRoot\System32\ntdll.dll:
334c4.2d90: CreationTime: 2021-05-12T06:36:27.338504600Z
434c4.2d90: LastWriteTime: 2021-05-12T06:36:27.380505600Z
534c4.2d90: ChangeTime: 2021-05-12T14:28:46.346542600Z
634c4.2d90: FileAttributes: 0x20
734c4.2d90: Size: 0x1ee518
834c4.2d90: NT Headers: 0xe8
934c4.2d90: Timestamp: 0xbd2c3c23
1034c4.2d90: Machine: 0x8664 - amd64
1134c4.2d90: Timestamp: 0xbd2c3c23
1234c4.2d90: Image Version: 10.0
1334c4.2d90: SizeOfImage: 0x1f5000 (2052096)
1434c4.2d90: Resource Dir: 0x184000 LB 0x6fd28
1534c4.2d90: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1634c4.2d90: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1734c4.2d90: ProductName: Microsoft® Windows® Operating System
1834c4.2d90: ProductVersion: 10.0.19041.964
1934c4.2d90: FileVersion: 10.0.19041.964 (WinBuild.160101.0800)
2034c4.2d90: FileDescription: NT Layer DLL
2134c4.2d90: \SystemRoot\System32\kernel32.dll:
2234c4.2d90: CreationTime: 2021-04-16T09:56:31.791032000Z
2334c4.2d90: LastWriteTime: 2021-04-16T09:56:31.825652200Z
2434c4.2d90: ChangeTime: 2021-05-12T06:38:54.606319400Z
2534c4.2d90: FileAttributes: 0x20
2634c4.2d90: Size: 0xbac30
2734c4.2d90: NT Headers: 0xe8
2834c4.2d90: Timestamp: 0x61e69688
2934c4.2d90: Machine: 0x8664 - amd64
3034c4.2d90: Timestamp: 0x61e69688
3134c4.2d90: Image Version: 10.0
3234c4.2d90: SizeOfImage: 0xbd000 (774144)
3334c4.2d90: Resource Dir: 0xbb000 LB 0x520
3434c4.2d90: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3534c4.2d90: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3634c4.2d90: ProductName: Microsoft® Windows® Operating System
3734c4.2d90: ProductVersion: 10.0.19041.928
3834c4.2d90: FileVersion: 10.0.19041.928 (WinBuild.160101.0800)
3934c4.2d90: FileDescription: Windows NT BASE API Client DLL
4034c4.2d90: \SystemRoot\System32\KernelBase.dll:
4134c4.2d90: CreationTime: 2021-05-12T06:36:28.573351500Z
4234c4.2d90: LastWriteTime: 2021-05-12T06:36:28.642395500Z
4334c4.2d90: ChangeTime: 2021-05-12T14:28:44.541672000Z
4434c4.2d90: FileAttributes: 0x20
4534c4.2d90: Size: 0x2c8b70
4634c4.2d90: NT Headers: 0xf0
4734c4.2d90: Timestamp: 0x812662a7
4834c4.2d90: Machine: 0x8664 - amd64
4934c4.2d90: Timestamp: 0x812662a7
5034c4.2d90: Image Version: 10.0
5134c4.2d90: SizeOfImage: 0x2c8000 (2916352)
5234c4.2d90: Resource Dir: 0x29f000 LB 0x548
5334c4.2d90: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5434c4.2d90: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5534c4.2d90: ProductName: Microsoft® Windows® Operating System
5634c4.2d90: ProductVersion: 10.0.19041.964
5734c4.2d90: FileVersion: 10.0.19041.964 (WinBuild.160101.0800)
5834c4.2d90: FileDescription: Windows NT BASE API Client DLL
5934c4.2d90: \SystemRoot\System32\apisetschema.dll:
6034c4.2d90: CreationTime: 2019-12-07T09:08:13.518339400Z
6134c4.2d90: LastWriteTime: 2019-12-07T09:08:13.518339400Z
6234c4.2d90: ChangeTime: 2021-05-12T06:38:54.584643200Z
6334c4.2d90: FileAttributes: 0x20
6434c4.2d90: Size: 0x1f538
6534c4.2d90: NT Headers: 0xd0
6634c4.2d90: Timestamp: 0x31288ce0
6734c4.2d90: Machine: 0x8664 - amd64
6834c4.2d90: Timestamp: 0x31288ce0
6934c4.2d90: Image Version: 10.0
7034c4.2d90: SizeOfImage: 0x20000 (131072)
7134c4.2d90: Resource Dir: 0x1f000 LB 0x408
7234c4.2d90: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7334c4.2d90: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7434c4.2d90: ProductName: Microsoft® Windows® Operating System
7534c4.2d90: ProductVersion: 10.0.19041.1
7634c4.2d90: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
7734c4.2d90: FileDescription: ApiSet Schema DLL
7834c4.2d90: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7934c4.2d90: supR3HardenedWinFindAdversaries: 0x40
8034c4.2d90: \SystemRoot\System32\drivers\klflt.sys:
8134c4.2d90: CreationTime: 2016-06-07T11:00:53.494905500Z
8234c4.2d90: LastWriteTime: 2021-02-19T10:08:56.000000000Z
8334c4.2d90: ChangeTime: 2021-04-10T10:39:46.293657900Z
8434c4.2d90: FileAttributes: 0x20
8534c4.2d90: Size: 0x7db18
8634c4.2d90: NT Headers: 0xf8
8734c4.2d90: Timestamp: 0x602fa5ed
8834c4.2d90: Machine: 0x8664 - amd64
8934c4.2d90: Timestamp: 0x602fa5ed
9034c4.2d90: Image Version: 6.1
9134c4.2d90: SizeOfImage: 0x8a000 (565248)
9234c4.2d90: Resource Dir: 0x87000 LB 0x438
9334c4.2d90: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9434c4.2d90: [Raw version resource data: 0x87060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
9534c4.2d90: ProductName: Coretech Delivery
9634c4.2d90: ProductVersion: 30.587.0.1060-d1e602ad69
9734c4.2d90: FileVersion: 30.587.0.1060
9834c4.2d90: FileDescription: Filter Core [fre_win7_x64]
9934c4.2d90: \SystemRoot\System32\drivers\klif.sys:
10034c4.2d90: CreationTime: 2016-06-07T11:00:53.463681400Z
10134c4.2d90: LastWriteTime: 2021-02-19T10:08:56.000000000Z
10234c4.2d90: ChangeTime: 2021-04-10T10:39:46.293657900Z
10334c4.2d90: FileAttributes: 0x20
10434c4.2d90: Size: 0xfe918
10534c4.2d90: NT Headers: 0xf0
10634c4.2d90: Timestamp: 0x602fa625
10734c4.2d90: Machine: 0x8664 - amd64
10834c4.2d90: Timestamp: 0x602fa625
10934c4.2d90: Image Version: 6.1
11034c4.2d90: SizeOfImage: 0x100000 (1048576)
11134c4.2d90: Resource Dir: 0xf3000 LB 0x6270
11234c4.2d90: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
11334c4.2d90: [Raw version resource data: 0xf8e80 LB 0x3ec, codepage 0x0 (reserved 0x0)]
11434c4.2d90: ProductName: Coretech Delivery
11534c4.2d90: ProductVersion: 30.587.0.1060-d1e602ad69
11634c4.2d90: FileVersion: 30.587.0.1060
11734c4.2d90: FileDescription: Core System Interceptors [fre_win7_x64]
11834c4.2d90: \SystemRoot\System32\drivers\klim6.sys:
11934c4.2d90: CreationTime: 2021-02-19T10:08:56.000000000Z
12034c4.2d90: LastWriteTime: 2021-02-19T10:08:56.000000000Z
12134c4.2d90: ChangeTime: 2021-04-09T16:40:55.050376400Z
12234c4.2d90: FileAttributes: 0x20
12334c4.2d90: Size: 0x17ef8
12434c4.2d90: NT Headers: 0xe8
12534c4.2d90: Timestamp: 0xd15ac501
12634c4.2d90: Machine: 0x8664 - amd64
12734c4.2d90: Timestamp: 0xd15ac501
12834c4.2d90: Image Version: 6.1
12934c4.2d90: SizeOfImage: 0x15000 (86016)
13034c4.2d90: Resource Dir: 0x13000 LB 0x448
13134c4.2d90: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
13234c4.2d90: [Raw version resource data: 0x13060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
13334c4.2d90: ProductName: Coretech Delivery
13434c4.2d90: ProductVersion: 30.587.0.930-ef5965511c
13534c4.2d90: FileVersion: 30.587.0.930
13634c4.2d90: FileDescription: Packet Network Filter [fre_win7_x64]
13734c4.2d90: \SystemRoot\System32\drivers\klkbdflt.sys:
13834c4.2d90: CreationTime: 2015-06-06T03:01:42.000000000Z
13934c4.2d90: LastWriteTime: 2021-02-19T10:08:58.000000000Z
14034c4.2d90: ChangeTime: 2021-04-10T10:39:46.293657900Z
14134c4.2d90: FileAttributes: 0x20
14234c4.2d90: Size: 0x1b708
14334c4.2d90: NT Headers: 0xe0
14434c4.2d90: Timestamp: 0x600ef6fc
14534c4.2d90: Machine: 0x8664 - amd64
14634c4.2d90: Timestamp: 0x600ef6fc
14734c4.2d90: Image Version: 6.1
14834c4.2d90: SizeOfImage: 0x19000 (102400)
14934c4.2d90: Resource Dir: 0x17000 LB 0x450
15034c4.2d90: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15134c4.2d90: [Raw version resource data: 0x17060 LB 0x3ec, codepage 0x0 (reserved 0x0)]
15234c4.2d90: ProductName: Coretech Delivery
15334c4.2d90: ProductVersion: 30.587.0.170-e30f0c58d6
15434c4.2d90: FileVersion: 30.587.0.170
15534c4.2d90: FileDescription: Keyboard Device Filter [fre_win7_x64]
15634c4.2d90: \SystemRoot\System32\drivers\klmouflt.sys:
15734c4.2d90: CreationTime: 2015-06-06T20:22:56.000000000Z
15834c4.2d90: LastWriteTime: 2021-02-19T10:08:58.000000000Z
15934c4.2d90: ChangeTime: 2021-04-10T10:39:46.293657900Z
16034c4.2d90: FileAttributes: 0x20
16134c4.2d90: Size: 0x1b908
16234c4.2d90: NT Headers: 0xe0
16334c4.2d90: Timestamp: 0x600ef6fe
16434c4.2d90: Machine: 0x8664 - amd64
16534c4.2d90: Timestamp: 0x600ef6fe
16634c4.2d90: Image Version: 6.1
16734c4.2d90: SizeOfImage: 0x1a000 (106496)
16834c4.2d90: Resource Dir: 0x18000 LB 0x448
16934c4.2d90: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
17034c4.2d90: [Raw version resource data: 0x18060 LB 0x3e8, codepage 0x0 (reserved 0x0)]
17134c4.2d90: ProductName: Coretech Delivery
17234c4.2d90: ProductVersion: 30.587.0.170-e30f0c58d6
17334c4.2d90: FileVersion: 30.587.0.170
17434c4.2d90: FileDescription: Mouse Device Filter [fre_win7_x64]
17534c4.2d90: \SystemRoot\System32\drivers\kneps.sys:
17634c4.2d90: CreationTime: 2015-06-23T13:00:50.000000000Z
17734c4.2d90: LastWriteTime: 2021-02-19T10:09:02.000000000Z
17834c4.2d90: ChangeTime: 2021-04-10T10:39:46.293657900Z
17934c4.2d90: FileAttributes: 0x20
18034c4.2d90: Size: 0x49708
18134c4.2d90: NT Headers: 0x100
18234c4.2d90: Timestamp: 0xceae8f0e
18334c4.2d90: Machine: 0x8664 - amd64
18434c4.2d90: Timestamp: 0xceae8f0e
18534c4.2d90: Image Version: 6.1
18634c4.2d90: SizeOfImage: 0x49000 (299008)
18734c4.2d90: Resource Dir: 0x46000 LB 0x440
18834c4.2d90: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
18934c4.2d90: [Raw version resource data: 0x46060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
19034c4.2d90: ProductName: Coretech Delivery
19134c4.2d90: ProductVersion: 30.587.0.460-f74872ca72
19234c4.2d90: FileVersion: 30.587.0.460
19334c4.2d90: FileDescription: Network Processor [fre_win7_x64]
19434c4.2d90: \SystemRoot\System32\klfphc.dll:
19534c4.2d90: CreationTime: 2016-06-07T11:01:17.966043900Z
19634c4.2d90: LastWriteTime: 2021-02-19T10:09:00.000000000Z
19734c4.2d90: ChangeTime: 2021-04-10T10:39:46.153062800Z
19834c4.2d90: FileAttributes: 0x20
19934c4.2d90: Size: 0x1ae60
20034c4.2d90: NT Headers: 0xe8
20134c4.2d90: Timestamp: 0x51873bf2
20234c4.2d90: Machine: 0x8664 - amd64
20334c4.2d90: Timestamp: 0x51873bf2
20434c4.2d90: Image Version: 0.0
20534c4.2d90: SizeOfImage: 0x1d000 (118784)
20634c4.2d90: Resource Dir: 0x18000 LB 0x3c80
20734c4.2d90: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
20834c4.2d90: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
20934c4.2d90: ProductName: Kaspersky™ Anti-Virus ®
21034c4.2d90: ProductVersion: 1.0.0.12
21134c4.2d90: FileVersion: 1.0.0.12
21234c4.2d90: FileDescription: Filtering Platform Helper Class
21334c4.2d90: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
21434c4.2d90: Calling main()
21534c4.2d90: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
21634c4.2d90: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
21734c4.2d90: SUPR3HardenedMain: Respawn #1
21834c4.2d90: System32: \Device\HarddiskVolume3\Windows\System32
21934c4.2d90: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
22034c4.2d90: KnownDllPath: C:\WINDOWS\System32
22134c4.2d90: supR3HardenedWinInit: Performing a limited self purification...
22234c4.2d90: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
22334c4.2d90: *0000000000000000-000000000040ffff 0x0001/0x0000 0x0000000
22434c4.2d90: *0000000000410000-000000000041ffff 0x0004/0x0004 0x0040000
22534c4.2d90: 0000000000420000-000000000042ffff 0x0001/0x0000 0x0000000
22634c4.2d90: *0000000000430000-000000000044cfff 0x0002/0x0002 0x0040000
22734c4.2d90: 000000000044d000-000000000044ffff 0x0001/0x0000 0x0000000
22834c4.2d90: *0000000000450000-0000000000500fff 0x0000/0x0004 0x0020000
22934c4.2d90: 0000000000501000-0000000000503fff 0x0104/0x0004 0x0020000
23034c4.2d90: 0000000000504000-000000000054ffff 0x0004/0x0004 0x0020000
23134c4.2d90: *0000000000550000-0000000000553fff 0x0002/0x0002 0x0040000
23234c4.2d90: 0000000000554000-000000000055ffff 0x0001/0x0000 0x0000000
23334c4.2d90: *0000000000560000-0000000000561fff 0x0004/0x0004 0x0020000
23434c4.2d90: 0000000000562000-000000000056ffff 0x0001/0x0000 0x0000000
23534c4.2d90: *0000000000570000-0000000000571fff 0x0004/0x0004 0x0020000
23634c4.2d90: 0000000000572000-00000000005a1fff 0x0000/0x0004 0x0020000
23734c4.2d90: 00000000005a2000-00000000005fffff 0x0001/0x0000 0x0000000
23834c4.2d90: *0000000000600000-00000000007d4fff 0x0000/0x0004 0x0020000
23934c4.2d90: 00000000007d5000-00000000007d7fff 0x0004/0x0004 0x0020000
24034c4.2d90: 00000000007d8000-00000000007fffff 0x0000/0x0004 0x0020000
24134c4.2d90: 0000000000800000-000000000086ffff 0x0001/0x0000 0x0000000
24234c4.2d90: *0000000000870000-0000000000875fff 0x0004/0x0004 0x0020000
24334c4.2d90: 0000000000876000-000000000096ffff 0x0000/0x0004 0x0020000
24434c4.2d90: *0000000000970000-0000000000a38fff 0x0002/0x0002 0x0040000
24534c4.2d90: 0000000000a39000-0000000000a3ffff 0x0001/0x0000 0x0000000
24634c4.2d90: *0000000000a40000-0000000000a64fff 0x0004/0x0004 0x0020000
24734c4.2d90: 0000000000a65000-0000000000b3ffff 0x0000/0x0004 0x0020000
24834c4.2d90: 0000000000b40000-0000000000c0ffff 0x0001/0x0000 0x0000000
24934c4.2d90: *0000000000c10000-0000000000c1efff 0x0004/0x0004 0x0020000
25034c4.2d90: 0000000000c1f000-0000000000c1ffff 0x0000/0x0004 0x0020000
25134c4.2d90: *0000000000c20000-0000000000c24fff 0x0000/0x0004 0x0020000
25234c4.2d90: 0000000000c25000-0000000000e1afff 0x0004/0x0004 0x0020000
25334c4.2d90: 0000000000e1b000-0000000000e1bfff 0x0000/0x0004 0x0020000
25434c4.2d90: 0000000000e1c000-000000007ffdffff 0x0001/0x0000 0x0000000
25534c4.2d90: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
25634c4.2d90: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000
25734c4.2d90: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000
25834c4.2d90: 000000007ffed000-00007ff43392ffff 0x0001/0x0000 0x0000000
25934c4.2d90: *00007ff433930000-00007ff433934fff 0x0002/0x0002 0x0040000
26034c4.2d90: 00007ff433935000-00007ff433a2ffff 0x0000/0x0002 0x0040000
26134c4.2d90: *00007ff433a30000-00007ff533a4ffff 0x0000/0x0004 0x0020000
26234c4.2d90: *00007ff533a50000-00007ff535a4ffff 0x0000/0x0004 0x0020000
26334c4.2d90: 00007ff535a50000-00007ff535a50fff 0x0004/0x0004 0x0020000
26434c4.2d90: 00007ff535a51000-00007ff535a5ffff 0x0001/0x0000 0x0000000
26534c4.2d90: *00007ff535a60000-00007ff535a60fff 0x0002/0x0002 0x0040000
26634c4.2d90: 00007ff535a61000-00007ff535a6ffff 0x0001/0x0000 0x0000000
26734c4.2d90: *00007ff535a70000-00007ff535a92fff 0x0002/0x0002 0x0040000
26834c4.2d90: 00007ff535a93000-00007ff6ca31ffff 0x0001/0x0000 0x0000000
26934c4.2d90: *00007ff6ca320000-00007ff6ca320fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27034c4.2d90: 00007ff6ca321000-00007ff6ca397fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27134c4.2d90: 00007ff6ca398000-00007ff6ca398fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27234c4.2d90: 00007ff6ca399000-00007ff6ca3e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27334c4.2d90: 00007ff6ca3e2000-00007ff6ca3e4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27434c4.2d90: 00007ff6ca3e5000-00007ff6ca3e7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27534c4.2d90: 00007ff6ca3e8000-00007ff6ca3eafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27634c4.2d90: 00007ff6ca3eb000-00007ff6ca3ebfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27734c4.2d90: 00007ff6ca3ec000-00007ff6ca3edfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27834c4.2d90: 00007ff6ca3ee000-00007ff6ca3eefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27934c4.2d90: 00007ff6ca3ef000-00007ff6ca437fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
28034c4.2d90: 00007ff6ca438000-00007ffb7dc7ffff 0x0001/0x0000 0x0000000
28134c4.2d90: *00007ffb7dc80000-00007ffb7dc80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
28234c4.2d90: 00007ffb7dc81000-00007ffb7dd91fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
28334c4.2d90: 00007ffb7dd92000-00007ffb7df09fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
28434c4.2d90: 00007ffb7df0a000-00007ffb7df0dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
28534c4.2d90: 00007ffb7df0e000-00007ffb7df0efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
28634c4.2d90: 00007ffb7df0f000-00007ffb7df47fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
28734c4.2d90: 00007ffb7df48000-00007ffb7fcaffff 0x0001/0x0000 0x0000000
28834c4.2d90: *00007ffb7fcb0000-00007ffb7fcb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
28934c4.2d90: 00007ffb7fcb1000-00007ffb7fd2efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
29034c4.2d90: 00007ffb7fd2f000-00007ffb7fd61fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
29134c4.2d90: 00007ffb7fd62000-00007ffb7fd62fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
29234c4.2d90: 00007ffb7fd63000-00007ffb7fd63fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
29334c4.2d90: 00007ffb7fd64000-00007ffb7fd6cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
29434c4.2d90: 00007ffb7fd6d000-00007ffb800cffff 0x0001/0x0000 0x0000000
29534c4.2d90: *00007ffb800d0000-00007ffb800d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29634c4.2d90: 00007ffb800d1000-00007ffb801ebfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29734c4.2d90: 00007ffb801ec000-00007ffb80233fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29834c4.2d90: 00007ffb80234000-00007ffb80234fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29934c4.2d90: 00007ffb80235000-00007ffb80236fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
30034c4.2d90: 00007ffb80237000-00007ffb8023ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
30134c4.2d90: 00007ffb80240000-00007ffb802c4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
30234c4.2d90: 00007ffb802c5000-00007ffffffeffff 0x0001/0x0000 0x0000000
30334c4.2d90: kernel32.dll: timestamp 0x61e69688 (rc=VINF_SUCCESS)
30434c4.2d90: kernelbase.dll: timestamp 0x812662a7 (rc=VINF_SUCCESS)
30534c4.2d90: VirtualBoxVM.exe: timestamp 0x60898c77 (rc=VINF_SUCCESS)
30634c4.2d90: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
30734c4.2d90: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
30834c4.2d90: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
30934c4.2d90: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
31034c4.2d90: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
31134c4.2d90: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
31234c4.2d90: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
31334c4.2d90: supR3HardNtEnableThreadCreationEx:
31434c4.2d90: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb80144b10 pvNtTerminateThread=00007ffb8016d870
31534c4.2d90: supR3HardenedWinDoReSpawn(1): New child 1554.2764 [kernel32].
31634c4.2d90: supR3HardNtChildGatherData: PebBaseAddress=00000000004c9000 cbPeb=0x388
31734c4.2d90: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb800d0000 uNtDllChildAddr=00007ffb800d0000
31834c4.2d90: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb80144b10
31934c4.2d90: supR3HardenedWinSetupChildInit: Initial context:
320 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6ca327900 rdx=00000000004c9000
321 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
322 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
323 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
324 rip=00007ffb80122630 rsp=00000000006ffed8 rbp=0000000000000000 ctxflags=0010001b
325 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
326 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
327 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
328 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
329 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
33034c4.2d90: supR3HardenedWinSetupChildInit: Start child.
33134c4.2d90: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 2 ms.
33234c4.2d90: supR3HardNtChildPurify: Startup delay kludge #1/0: 527 ms, 34 sleeps
33334c4.2d90: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
33434c4.2d90: *0000000000000000-00000000002cffff 0x0001/0x0000 0x0000000
33534c4.2d90: *00000000002d0000-00000000002effff 0x0004/0x0004 0x0020000
33634c4.2d90: *00000000002f0000-000000000030cfff 0x0002/0x0002 0x0040000
33734c4.2d90: 000000000030d000-000000000030ffff 0x0001/0x0000 0x0000000
33834c4.2d90: *0000000000310000-0000000000313fff 0x0002/0x0002 0x0040000
33934c4.2d90: 0000000000314000-000000000031ffff 0x0001/0x0000 0x0000000
34034c4.2d90: *0000000000320000-0000000000321fff 0x0004/0x0004 0x0020000
34134c4.2d90: 0000000000322000-00000000003fffff 0x0001/0x0000 0x0000000
34234c4.2d90: *0000000000400000-00000000004c8fff 0x0000/0x0004 0x0020000
34334c4.2d90: 00000000004c9000-00000000004cbfff 0x0004/0x0004 0x0020000
34434c4.2d90: 00000000004cc000-00000000005fffff 0x0000/0x0004 0x0020000
34534c4.2d90: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
34634c4.2d90: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
34734c4.2d90: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
34834c4.2d90: 0000000000700000-000000007ffdffff 0x0001/0x0000 0x0000000
34934c4.2d90: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
35034c4.2d90: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000
35134c4.2d90: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000
35234c4.2d90: 000000007ffed000-00007ff5f572ffff 0x0001/0x0000 0x0000000
35334c4.2d90: *00007ff5f5730000-00007ff5f5730fff 0x0002/0x0002 0x0040000
35434c4.2d90: 00007ff5f5731000-00007ff5f573ffff 0x0001/0x0000 0x0000000
35534c4.2d90: *00007ff5f5740000-00007ff5f5762fff 0x0002/0x0002 0x0040000
35634c4.2d90: 00007ff5f5763000-00007ff6ca31ffff 0x0001/0x0000 0x0000000
35734c4.2d90: *00007ff6ca320000-00007ff6ca320fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35834c4.2d90: 00007ff6ca321000-00007ff6ca397fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35934c4.2d90: 00007ff6ca398000-00007ff6ca398fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36034c4.2d90: 00007ff6ca399000-00007ff6ca3e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36134c4.2d90: 00007ff6ca3e2000-00007ff6ca3e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36234c4.2d90: 00007ff6ca3e3000-00007ff6ca3e3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36334c4.2d90: 00007ff6ca3e4000-00007ff6ca3e8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36434c4.2d90: 00007ff6ca3e9000-00007ff6ca3e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36534c4.2d90: 00007ff6ca3ea000-00007ff6ca3eafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36634c4.2d90: 00007ff6ca3eb000-00007ff6ca3eefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36734c4.2d90: 00007ff6ca3ef000-00007ff6ca437fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36834c4.2d90: 00007ff6ca438000-00007ffb800cffff 0x0001/0x0000 0x0000000
36934c4.2d90: *00007ffb800d0000-00007ffb800d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37034c4.2d90: 00007ffb800d1000-00007ffb801ebfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37134c4.2d90: 00007ffb801ec000-00007ffb80233fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37234c4.2d90: 00007ffb80234000-00007ffb8023ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37334c4.2d90: 00007ffb80240000-00007ffb8024efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37434c4.2d90: 00007ffb8024f000-00007ffb8024ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37534c4.2d90: 00007ffb80250000-00007ffb80252fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37634c4.2d90: 00007ffb80253000-00007ffb802c4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37734c4.2d90: 00007ffb802c5000-00007ffffffeffff 0x0001/0x0000 0x0000000
37834c4.2d90: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0).
3791554.2764: Log file opened: 6.1.22r144080 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6200
3801554.2764: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb800d0000 g_uNtVerCombined=0xa04a6200 (stack ~00000000006ff968)
3811554.2764: ntdll.dll: timestamp 0xbd2c3c23 (rc=VINF_SUCCESS)
3821554.2764: New simple heap: #1 0000000000800000 LB 0x400000 (for 2052096 allocation)
38334c4.2d90: supR3HardNtEnableThreadCreationEx:
3841554.2764: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3851554.2764: System32: \Device\HarddiskVolume3\Windows\System32
3861554.2764: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
3871554.2764: KnownDllPath: C:\WINDOWS\System32
3881554.2764: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3891554.2764: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3901554.2764: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3911554.2764: Registered Dll notification callback with NTDLL.
3921554.2764: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
3931554.2764: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
3941554.2764: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3951554.2764: supR3HardenedDllNotificationCallback: load 00007ffb7dc80000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3961554.2764: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
3971554.2764: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
3981554.2764: supR3HardenedDllNotificationCallback: load 00007ffb7fcb0000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3991554.2764: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4001554.2764: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fcb0000 'C:\WINDOWS\System32\KERNEL32.DLL'
4011554.2764: supR3HardenedDllNotificationCallback: load 00007ff6ca320000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
4021554.2764: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
4031554.2764: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4041554.2764: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4051554.2764: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4061554.2764: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb80144b10 pvNtTerminateThread=00007ffb8016d870
40734c4.2d90: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 111 ms.
4081554.2764: \SystemRoot\System32\ntdll.dll:
4091554.2764: CreationTime: 2021-05-12T06:36:27.338504600Z
4101554.2764: LastWriteTime: 2021-05-12T06:36:27.380505600Z
4111554.2764: ChangeTime: 2021-05-12T14:28:46.346542600Z
4121554.2764: FileAttributes: 0x20
4131554.2764: Size: 0x1ee518
4141554.2764: NT Headers: 0xe8
4151554.2764: Timestamp: 0xbd2c3c23
4161554.2764: Machine: 0x8664 - amd64
4171554.2764: Timestamp: 0xbd2c3c23
4181554.2764: Image Version: 10.0
4191554.2764: SizeOfImage: 0x1f5000 (2052096)
4201554.2764: Resource Dir: 0x184000 LB 0x6fd28
4211554.2764: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
4221554.2764: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
4231554.2764: ProductName: Microsoft® Windows® Operating System
4241554.2764: ProductVersion: 10.0.19041.964
4251554.2764: FileVersion: 10.0.19041.964 (WinBuild.160101.0800)
4261554.2764: FileDescription: NT Layer DLL
4271554.2764: \SystemRoot\System32\kernel32.dll:
4281554.2764: CreationTime: 2021-04-16T09:56:31.791032000Z
4291554.2764: LastWriteTime: 2021-04-16T09:56:31.825652200Z
4301554.2764: ChangeTime: 2021-05-12T06:38:54.606319400Z
4311554.2764: FileAttributes: 0x20
4321554.2764: Size: 0xbac30
4331554.2764: NT Headers: 0xe8
4341554.2764: Timestamp: 0x61e69688
4351554.2764: Machine: 0x8664 - amd64
4361554.2764: Timestamp: 0x61e69688
4371554.2764: Image Version: 10.0
4381554.2764: SizeOfImage: 0xbd000 (774144)
4391554.2764: Resource Dir: 0xbb000 LB 0x520
4401554.2764: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4411554.2764: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
4421554.2764: ProductName: Microsoft® Windows® Operating System
4431554.2764: ProductVersion: 10.0.19041.928
4441554.2764: FileVersion: 10.0.19041.928 (WinBuild.160101.0800)
4451554.2764: FileDescription: Windows NT BASE API Client DLL
4461554.2764: \SystemRoot\System32\KernelBase.dll:
4471554.2764: CreationTime: 2021-05-12T06:36:28.573351500Z
4481554.2764: LastWriteTime: 2021-05-12T06:36:28.642395500Z
4491554.2764: ChangeTime: 2021-05-12T14:28:44.541672000Z
4501554.2764: FileAttributes: 0x20
4511554.2764: Size: 0x2c8b70
4521554.2764: NT Headers: 0xf0
4531554.2764: Timestamp: 0x812662a7
4541554.2764: Machine: 0x8664 - amd64
4551554.2764: Timestamp: 0x812662a7
4561554.2764: Image Version: 10.0
4571554.2764: SizeOfImage: 0x2c8000 (2916352)
4581554.2764: Resource Dir: 0x29f000 LB 0x548
4591554.2764: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4601554.2764: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4611554.2764: ProductName: Microsoft® Windows® Operating System
4621554.2764: ProductVersion: 10.0.19041.964
4631554.2764: FileVersion: 10.0.19041.964 (WinBuild.160101.0800)
4641554.2764: FileDescription: Windows NT BASE API Client DLL
4651554.2764: \SystemRoot\System32\apisetschema.dll:
4661554.2764: CreationTime: 2019-12-07T09:08:13.518339400Z
4671554.2764: LastWriteTime: 2019-12-07T09:08:13.518339400Z
4681554.2764: ChangeTime: 2021-05-12T06:38:54.584643200Z
4691554.2764: FileAttributes: 0x20
4701554.2764: Size: 0x1f538
4711554.2764: NT Headers: 0xd0
4721554.2764: Timestamp: 0x31288ce0
4731554.2764: Machine: 0x8664 - amd64
4741554.2764: Timestamp: 0x31288ce0
4751554.2764: Image Version: 10.0
4761554.2764: SizeOfImage: 0x20000 (131072)
4771554.2764: Resource Dir: 0x1f000 LB 0x408
4781554.2764: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4791554.2764: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4801554.2764: ProductName: Microsoft® Windows® Operating System
4811554.2764: ProductVersion: 10.0.19041.1
4821554.2764: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
4831554.2764: FileDescription: ApiSet Schema DLL
4841554.2764: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4851554.2764: supR3HardenedWinFindAdversaries: 0x40
4861554.2764: \SystemRoot\System32\drivers\klflt.sys:
4871554.2764: CreationTime: 2016-06-07T11:00:53.494905500Z
4881554.2764: LastWriteTime: 2021-02-19T10:08:56.000000000Z
4891554.2764: ChangeTime: 2021-04-10T10:39:46.293657900Z
4901554.2764: FileAttributes: 0x20
4911554.2764: Size: 0x7db18
4921554.2764: NT Headers: 0xf8
4931554.2764: Timestamp: 0x602fa5ed
4941554.2764: Machine: 0x8664 - amd64
4951554.2764: Timestamp: 0x602fa5ed
4961554.2764: Image Version: 6.1
4971554.2764: SizeOfImage: 0x8a000 (565248)
4981554.2764: Resource Dir: 0x87000 LB 0x438
4991554.2764: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5001554.2764: [Raw version resource data: 0x87060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
5011554.2764: ProductName: Coretech Delivery
5021554.2764: ProductVersion: 30.587.0.1060-d1e602ad69
5031554.2764: FileVersion: 30.587.0.1060
5041554.2764: FileDescription: Filter Core [fre_win7_x64]
5051554.2764: \SystemRoot\System32\drivers\klif.sys:
5061554.2764: CreationTime: 2016-06-07T11:00:53.463681400Z
5071554.2764: LastWriteTime: 2021-02-19T10:08:56.000000000Z
5081554.2764: ChangeTime: 2021-04-10T10:39:46.293657900Z
5091554.2764: FileAttributes: 0x20
5101554.2764: Size: 0xfe918
5111554.2764: NT Headers: 0xf0
5121554.2764: Timestamp: 0x602fa625
5131554.2764: Machine: 0x8664 - amd64
5141554.2764: Timestamp: 0x602fa625
5151554.2764: Image Version: 6.1
5161554.2764: SizeOfImage: 0x100000 (1048576)
5171554.2764: Resource Dir: 0xf3000 LB 0x6270
5181554.2764: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
5191554.2764: [Raw version resource data: 0xf8e80 LB 0x3ec, codepage 0x0 (reserved 0x0)]
5201554.2764: ProductName: Coretech Delivery
5211554.2764: ProductVersion: 30.587.0.1060-d1e602ad69
5221554.2764: FileVersion: 30.587.0.1060
5231554.2764: FileDescription: Core System Interceptors [fre_win7_x64]
5241554.2764: \SystemRoot\System32\drivers\klim6.sys:
5251554.2764: CreationTime: 2021-02-19T10:08:56.000000000Z
5261554.2764: LastWriteTime: 2021-02-19T10:08:56.000000000Z
5271554.2764: ChangeTime: 2021-04-09T16:40:55.050376400Z
5281554.2764: FileAttributes: 0x20
5291554.2764: Size: 0x17ef8
5301554.2764: NT Headers: 0xe8
5311554.2764: Timestamp: 0xd15ac501
5321554.2764: Machine: 0x8664 - amd64
5331554.2764: Timestamp: 0xd15ac501
5341554.2764: Image Version: 6.1
5351554.2764: SizeOfImage: 0x15000 (86016)
5361554.2764: Resource Dir: 0x13000 LB 0x448
5371554.2764: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5381554.2764: [Raw version resource data: 0x13060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
5391554.2764: ProductName: Coretech Delivery
5401554.2764: ProductVersion: 30.587.0.930-ef5965511c
5411554.2764: FileVersion: 30.587.0.930
5421554.2764: FileDescription: Packet Network Filter [fre_win7_x64]
5431554.2764: \SystemRoot\System32\drivers\klkbdflt.sys:
5441554.2764: CreationTime: 2015-06-06T03:01:42.000000000Z
5451554.2764: LastWriteTime: 2021-02-19T10:08:58.000000000Z
5461554.2764: ChangeTime: 2021-04-10T10:39:46.293657900Z
5471554.2764: FileAttributes: 0x20
5481554.2764: Size: 0x1b708
5491554.2764: NT Headers: 0xe0
5501554.2764: Timestamp: 0x600ef6fc
5511554.2764: Machine: 0x8664 - amd64
5521554.2764: Timestamp: 0x600ef6fc
5531554.2764: Image Version: 6.1
5541554.2764: SizeOfImage: 0x19000 (102400)
5551554.2764: Resource Dir: 0x17000 LB 0x450
5561554.2764: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5571554.2764: [Raw version resource data: 0x17060 LB 0x3ec, codepage 0x0 (reserved 0x0)]
5581554.2764: ProductName: Coretech Delivery
5591554.2764: ProductVersion: 30.587.0.170-e30f0c58d6
5601554.2764: FileVersion: 30.587.0.170
5611554.2764: FileDescription: Keyboard Device Filter [fre_win7_x64]
5621554.2764: \SystemRoot\System32\drivers\klmouflt.sys:
5631554.2764: CreationTime: 2015-06-06T20:22:56.000000000Z
5641554.2764: LastWriteTime: 2021-02-19T10:08:58.000000000Z
5651554.2764: ChangeTime: 2021-04-10T10:39:46.293657900Z
5661554.2764: FileAttributes: 0x20
5671554.2764: Size: 0x1b908
5681554.2764: NT Headers: 0xe0
5691554.2764: Timestamp: 0x600ef6fe
5701554.2764: Machine: 0x8664 - amd64
5711554.2764: Timestamp: 0x600ef6fe
5721554.2764: Image Version: 6.1
5731554.2764: SizeOfImage: 0x1a000 (106496)
5741554.2764: Resource Dir: 0x18000 LB 0x448
5751554.2764: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5761554.2764: [Raw version resource data: 0x18060 LB 0x3e8, codepage 0x0 (reserved 0x0)]
5771554.2764: ProductName: Coretech Delivery
5781554.2764: ProductVersion: 30.587.0.170-e30f0c58d6
5791554.2764: FileVersion: 30.587.0.170
5801554.2764: FileDescription: Mouse Device Filter [fre_win7_x64]
5811554.2764: \SystemRoot\System32\drivers\kneps.sys:
5821554.2764: CreationTime: 2015-06-23T13:00:50.000000000Z
5831554.2764: LastWriteTime: 2021-02-19T10:09:02.000000000Z
5841554.2764: ChangeTime: 2021-04-10T10:39:46.293657900Z
5851554.2764: FileAttributes: 0x20
5861554.2764: Size: 0x49708
5871554.2764: NT Headers: 0x100
5881554.2764: Timestamp: 0xceae8f0e
5891554.2764: Machine: 0x8664 - amd64
5901554.2764: Timestamp: 0xceae8f0e
5911554.2764: Image Version: 6.1
5921554.2764: SizeOfImage: 0x49000 (299008)
5931554.2764: Resource Dir: 0x46000 LB 0x440
5941554.2764: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5951554.2764: [Raw version resource data: 0x46060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
5961554.2764: ProductName: Coretech Delivery
5971554.2764: ProductVersion: 30.587.0.460-f74872ca72
5981554.2764: FileVersion: 30.587.0.460
5991554.2764: FileDescription: Network Processor [fre_win7_x64]
6001554.2764: \SystemRoot\System32\klfphc.dll:
6011554.2764: CreationTime: 2016-06-07T11:01:17.966043900Z
6021554.2764: LastWriteTime: 2021-02-19T10:09:00.000000000Z
6031554.2764: ChangeTime: 2021-04-10T10:39:46.153062800Z
6041554.2764: FileAttributes: 0x20
6051554.2764: Size: 0x1ae60
6061554.2764: NT Headers: 0xe8
6071554.2764: Timestamp: 0x51873bf2
6081554.2764: Machine: 0x8664 - amd64
6091554.2764: Timestamp: 0x51873bf2
6101554.2764: Image Version: 0.0
6111554.2764: SizeOfImage: 0x1d000 (118784)
6121554.2764: Resource Dir: 0x18000 LB 0x3c80
6131554.2764: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
6141554.2764: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
6151554.2764: ProductName: Kaspersky™ Anti-Virus ®
6161554.2764: ProductVersion: 1.0.0.12
6171554.2764: FileVersion: 1.0.0.12
6181554.2764: FileDescription: Filtering Platform Helper Class
6191554.2764: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6201554.2764: Calling main()
6211554.2764: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
6221554.2764: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6231554.2764: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
6241554.2764: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6251554.2764: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6261554.2764: SUPR3HardenedMain: Respawn #2
6271554.2764: supR3HardNtEnableThreadCreationEx:
6281554.2764: supR3HardenedDllNotificationCallback: load 00007ffb7f4a0000 LB 0x0012b000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
6291554.2764: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
6301554.2764: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
6311554.2764: supR3HardenedDllNotificationCallback: load 00007ffb7e5a0000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
6321554.2764: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
6331554.2764: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
6341554.2764: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
6351554.2764: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
6361554.2764: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
6371554.2764: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6381554.2764: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6391554.2764: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6401554.2764: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6411554.2764: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6421554.2764: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb800d0000 'C:\WINDOWS\System32\ntdll.dll'
6431554.2764: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb80144b10 pvNtTerminateThread=00007ffb8016d870
6441554.2764: supR3HardenedWinDoReSpawn(2): New child 2f64.b2c [kernel32].
6451554.2764: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
6461554.2764: supR3HardNtChildGatherData: PebBaseAddress=00000000009cc000 cbPeb=0x388
6471554.2764: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb800d0000 uNtDllChildAddr=00007ffb800d0000
6481554.2764: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb80144b10
6491554.2764: supR3HardenedWinSetupChildInit: Initial context:
650 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6ca327900 rdx=00000000009cc000
651 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
652 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
653 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
654 rip=00007ffb80122630 rsp=0000000000b1ff28 rbp=0000000000000000 ctxflags=0010001b
655 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
656 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
657 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
658 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
659 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
6601554.2764: kernel32.dll: timestamp 0x61e69688 (rc=VINF_SUCCESS)
6611554.2764: supR3HardenedWinSetupChildInit: Start child.
6621554.2764: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
6631554.2764: supR3HardNtChildPurify: Startup delay kludge #1/0: 527 ms, 34 sleeps
6641554.2764: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6651554.2764: *0000000000000000-00000000007dffff 0x0001/0x0000 0x0000000
6661554.2764: *00000000007e0000-00000000007fffff 0x0004/0x0004 0x0020000
6671554.2764: *0000000000800000-00000000009cbfff 0x0000/0x0004 0x0020000
6681554.2764: 00000000009cc000-00000000009cefff 0x0004/0x0004 0x0020000
6691554.2764: 00000000009cf000-00000000009fffff 0x0000/0x0004 0x0020000
6701554.2764: *0000000000a00000-0000000000a1cfff 0x0002/0x0002 0x0040000
6711554.2764: 0000000000a1d000-0000000000a1ffff 0x0001/0x0000 0x0000000
6721554.2764: *0000000000a20000-0000000000b1afff 0x0000/0x0004 0x0020000
6731554.2764: 0000000000b1b000-0000000000b1dfff 0x0104/0x0004 0x0020000
6741554.2764: 0000000000b1e000-0000000000b1ffff 0x0004/0x0004 0x0020000
6751554.2764: *0000000000b20000-0000000000b23fff 0x0002/0x0002 0x0040000
6761554.2764: 0000000000b24000-0000000000b2ffff 0x0001/0x0000 0x0000000
6771554.2764: *0000000000b30000-0000000000b31fff 0x0004/0x0004 0x0020000
6781554.2764: 0000000000b32000-000000007ffdffff 0x0001/0x0000 0x0000000
6791554.2764: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
6801554.2764: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000
6811554.2764: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000
6821554.2764: 000000007ffed000-00007ff5fd88ffff 0x0001/0x0000 0x0000000
6831554.2764: *00007ff5fd890000-00007ff5fd890fff 0x0002/0x0002 0x0040000
6841554.2764: 00007ff5fd891000-00007ff5fd89ffff 0x0001/0x0000 0x0000000
6851554.2764: *00007ff5fd8a0000-00007ff5fd8c2fff 0x0002/0x0002 0x0040000
6861554.2764: 00007ff5fd8c3000-00007ff6ca31ffff 0x0001/0x0000 0x0000000
6871554.2764: *00007ff6ca320000-00007ff6ca320fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6881554.2764: 00007ff6ca321000-00007ff6ca397fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6891554.2764: 00007ff6ca398000-00007ff6ca398fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6901554.2764: 00007ff6ca399000-00007ff6ca3e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6911554.2764: 00007ff6ca3e2000-00007ff6ca3e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6921554.2764: 00007ff6ca3e3000-00007ff6ca3e3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6931554.2764: 00007ff6ca3e4000-00007ff6ca3e8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6941554.2764: 00007ff6ca3e9000-00007ff6ca3e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6951554.2764: 00007ff6ca3ea000-00007ff6ca3eafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6961554.2764: 00007ff6ca3eb000-00007ff6ca3eefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6971554.2764: 00007ff6ca3ef000-00007ff6ca437fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6981554.2764: 00007ff6ca438000-00007ffb800cffff 0x0001/0x0000 0x0000000
6991554.2764: *00007ffb800d0000-00007ffb800d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7001554.2764: 00007ffb800d1000-00007ffb801ebfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7011554.2764: 00007ffb801ec000-00007ffb80233fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7021554.2764: 00007ffb80234000-00007ffb8023ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7031554.2764: 00007ffb80240000-00007ffb8024efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7041554.2764: 00007ffb8024f000-00007ffb8024ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7051554.2764: 00007ffb80250000-00007ffb80252fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7061554.2764: 00007ffb80253000-00007ffb802c4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7071554.2764: 00007ffb802c5000-00007ffffffeffff 0x0001/0x0000 0x0000000
7081554.2764: VirtualBoxVM.exe: timestamp 0x60898c77 (rc=VINF_SUCCESS)
7091554.2764: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
7101554.2764: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7111554.2764: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
7121554.2764: supR3HardNtChildPurify: Done after 572 ms and 0 fixes (loop #0).
7132f64.b2c: Log file opened: 6.1.22r144080 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6200
7142f64.b2c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb800d0000 g_uNtVerCombined=0xa04a6200 (stack ~0000000000b1f9b8)
7152f64.b2c: ntdll.dll: timestamp 0xbd2c3c23 (rc=VINF_SUCCESS)
7162f64.b2c: New simple heap: #1 0000000000c40000 LB 0x400000 (for 2052096 allocation)
7171554.2764: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
7181554.2764: supR3HardNtEnableThreadCreationEx:
7192f64.b2c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7202f64.b2c: System32: \Device\HarddiskVolume3\Windows\System32
7212f64.b2c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
7222f64.b2c: KnownDllPath: C:\WINDOWS\System32
7232f64.b2c: supR3HardenedVmProcessInit: Opening vboxdrv...
7242f64.b2c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
7252f64.b2c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
7262f64.b2c: Registered Dll notification callback with NTDLL.
7272f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
7282f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
7292f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
7302f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7dc80000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
7312f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
7322f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
7332f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7fcb0000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
7342f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7352f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fcb0000 'C:\WINDOWS\System32\KERNEL32.DLL'
7362f64.b2c: supR3HardenedDllNotificationCallback: load 00007ff6ca320000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
7372f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
7382f64.b2c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7392f64.b2c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
7402f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7412f64.b2c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb80144b10 pvNtTerminateThread=00007ffb8016d870
7421554.2764: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 127 ms.
7432f64.b2c: \SystemRoot\System32\ntdll.dll:
7442f64.b2c: CreationTime: 2021-05-12T06:36:27.338504600Z
7452f64.b2c: LastWriteTime: 2021-05-12T06:36:27.380505600Z
7462f64.b2c: ChangeTime: 2021-05-12T14:28:46.346542600Z
7472f64.b2c: FileAttributes: 0x20
7482f64.b2c: Size: 0x1ee518
7492f64.b2c: NT Headers: 0xe8
7502f64.b2c: Timestamp: 0xbd2c3c23
7512f64.b2c: Machine: 0x8664 - amd64
7522f64.b2c: Timestamp: 0xbd2c3c23
7532f64.b2c: Image Version: 10.0
7542f64.b2c: SizeOfImage: 0x1f5000 (2052096)
7552f64.b2c: Resource Dir: 0x184000 LB 0x6fd28
7562f64.b2c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7572f64.b2c: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
7582f64.b2c: ProductName: Microsoft® Windows® Operating System
7592f64.b2c: ProductVersion: 10.0.19041.964
7602f64.b2c: FileVersion: 10.0.19041.964 (WinBuild.160101.0800)
7612f64.b2c: FileDescription: NT Layer DLL
7622f64.b2c: \SystemRoot\System32\kernel32.dll:
7632f64.b2c: CreationTime: 2021-04-16T09:56:31.791032000Z
7642f64.b2c: LastWriteTime: 2021-04-16T09:56:31.825652200Z
7652f64.b2c: ChangeTime: 2021-05-12T06:38:54.606319400Z
7662f64.b2c: FileAttributes: 0x20
7672f64.b2c: Size: 0xbac30
7682f64.b2c: NT Headers: 0xe8
7692f64.b2c: Timestamp: 0x61e69688
7702f64.b2c: Machine: 0x8664 - amd64
7712f64.b2c: Timestamp: 0x61e69688
7722f64.b2c: Image Version: 10.0
7732f64.b2c: SizeOfImage: 0xbd000 (774144)
7742f64.b2c: Resource Dir: 0xbb000 LB 0x520
7752f64.b2c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7762f64.b2c: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7772f64.b2c: ProductName: Microsoft® Windows® Operating System
7782f64.b2c: ProductVersion: 10.0.19041.928
7792f64.b2c: FileVersion: 10.0.19041.928 (WinBuild.160101.0800)
7802f64.b2c: FileDescription: Windows NT BASE API Client DLL
7812f64.b2c: \SystemRoot\System32\KernelBase.dll:
7822f64.b2c: CreationTime: 2021-05-12T06:36:28.573351500Z
7832f64.b2c: LastWriteTime: 2021-05-12T06:36:28.642395500Z
7842f64.b2c: ChangeTime: 2021-05-12T14:28:44.541672000Z
7852f64.b2c: FileAttributes: 0x20
7862f64.b2c: Size: 0x2c8b70
7872f64.b2c: NT Headers: 0xf0
7882f64.b2c: Timestamp: 0x812662a7
7892f64.b2c: Machine: 0x8664 - amd64
7902f64.b2c: Timestamp: 0x812662a7
7912f64.b2c: Image Version: 10.0
7922f64.b2c: SizeOfImage: 0x2c8000 (2916352)
7932f64.b2c: Resource Dir: 0x29f000 LB 0x548
7942f64.b2c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7952f64.b2c: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
7962f64.b2c: ProductName: Microsoft® Windows® Operating System
7972f64.b2c: ProductVersion: 10.0.19041.964
7982f64.b2c: FileVersion: 10.0.19041.964 (WinBuild.160101.0800)
7992f64.b2c: FileDescription: Windows NT BASE API Client DLL
8002f64.b2c: \SystemRoot\System32\apisetschema.dll:
8012f64.b2c: CreationTime: 2019-12-07T09:08:13.518339400Z
8022f64.b2c: LastWriteTime: 2019-12-07T09:08:13.518339400Z
8032f64.b2c: ChangeTime: 2021-05-12T06:38:54.584643200Z
8042f64.b2c: FileAttributes: 0x20
8052f64.b2c: Size: 0x1f538
8062f64.b2c: NT Headers: 0xd0
8072f64.b2c: Timestamp: 0x31288ce0
8082f64.b2c: Machine: 0x8664 - amd64
8092f64.b2c: Timestamp: 0x31288ce0
8102f64.b2c: Image Version: 10.0
8112f64.b2c: SizeOfImage: 0x20000 (131072)
8122f64.b2c: Resource Dir: 0x1f000 LB 0x408
8132f64.b2c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8142f64.b2c: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
8152f64.b2c: ProductName: Microsoft® Windows® Operating System
8162f64.b2c: ProductVersion: 10.0.19041.1
8172f64.b2c: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
8182f64.b2c: FileDescription: ApiSet Schema DLL
8192f64.b2c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
8202f64.b2c: supR3HardenedWinFindAdversaries: 0x40
8212f64.b2c: \SystemRoot\System32\drivers\klflt.sys:
8222f64.b2c: CreationTime: 2016-06-07T11:00:53.494905500Z
8232f64.b2c: LastWriteTime: 2021-02-19T10:08:56.000000000Z
8242f64.b2c: ChangeTime: 2021-04-10T10:39:46.293657900Z
8252f64.b2c: FileAttributes: 0x20
8262f64.b2c: Size: 0x7db18
8272f64.b2c: NT Headers: 0xf8
8282f64.b2c: Timestamp: 0x602fa5ed
8292f64.b2c: Machine: 0x8664 - amd64
8302f64.b2c: Timestamp: 0x602fa5ed
8312f64.b2c: Image Version: 6.1
8322f64.b2c: SizeOfImage: 0x8a000 (565248)
8332f64.b2c: Resource Dir: 0x87000 LB 0x438
8342f64.b2c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8352f64.b2c: [Raw version resource data: 0x87060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
8362f64.b2c: ProductName: Coretech Delivery
8372f64.b2c: ProductVersion: 30.587.0.1060-d1e602ad69
8382f64.b2c: FileVersion: 30.587.0.1060
8392f64.b2c: FileDescription: Filter Core [fre_win7_x64]
8402f64.b2c: \SystemRoot\System32\drivers\klif.sys:
8412f64.b2c: CreationTime: 2016-06-07T11:00:53.463681400Z
8422f64.b2c: LastWriteTime: 2021-02-19T10:08:56.000000000Z
8432f64.b2c: ChangeTime: 2021-04-10T10:39:46.293657900Z
8442f64.b2c: FileAttributes: 0x20
8452f64.b2c: Size: 0xfe918
8462f64.b2c: NT Headers: 0xf0
8472f64.b2c: Timestamp: 0x602fa625
8482f64.b2c: Machine: 0x8664 - amd64
8492f64.b2c: Timestamp: 0x602fa625
8502f64.b2c: Image Version: 6.1
8512f64.b2c: SizeOfImage: 0x100000 (1048576)
8522f64.b2c: Resource Dir: 0xf3000 LB 0x6270
8532f64.b2c: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
8542f64.b2c: [Raw version resource data: 0xf8e80 LB 0x3ec, codepage 0x0 (reserved 0x0)]
8552f64.b2c: ProductName: Coretech Delivery
8562f64.b2c: ProductVersion: 30.587.0.1060-d1e602ad69
8572f64.b2c: FileVersion: 30.587.0.1060
8582f64.b2c: FileDescription: Core System Interceptors [fre_win7_x64]
8592f64.b2c: \SystemRoot\System32\drivers\klim6.sys:
8602f64.b2c: CreationTime: 2021-02-19T10:08:56.000000000Z
8612f64.b2c: LastWriteTime: 2021-02-19T10:08:56.000000000Z
8622f64.b2c: ChangeTime: 2021-04-09T16:40:55.050376400Z
8632f64.b2c: FileAttributes: 0x20
8642f64.b2c: Size: 0x17ef8
8652f64.b2c: NT Headers: 0xe8
8662f64.b2c: Timestamp: 0xd15ac501
8672f64.b2c: Machine: 0x8664 - amd64
8682f64.b2c: Timestamp: 0xd15ac501
8692f64.b2c: Image Version: 6.1
8702f64.b2c: SizeOfImage: 0x15000 (86016)
8712f64.b2c: Resource Dir: 0x13000 LB 0x448
8722f64.b2c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8732f64.b2c: [Raw version resource data: 0x13060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
8742f64.b2c: ProductName: Coretech Delivery
8752f64.b2c: ProductVersion: 30.587.0.930-ef5965511c
8762f64.b2c: FileVersion: 30.587.0.930
8772f64.b2c: FileDescription: Packet Network Filter [fre_win7_x64]
8782f64.b2c: \SystemRoot\System32\drivers\klkbdflt.sys:
8792f64.b2c: CreationTime: 2015-06-06T03:01:42.000000000Z
8802f64.b2c: LastWriteTime: 2021-02-19T10:08:58.000000000Z
8812f64.b2c: ChangeTime: 2021-04-10T10:39:46.293657900Z
8822f64.b2c: FileAttributes: 0x20
8832f64.b2c: Size: 0x1b708
8842f64.b2c: NT Headers: 0xe0
8852f64.b2c: Timestamp: 0x600ef6fc
8862f64.b2c: Machine: 0x8664 - amd64
8872f64.b2c: Timestamp: 0x600ef6fc
8882f64.b2c: Image Version: 6.1
8892f64.b2c: SizeOfImage: 0x19000 (102400)
8902f64.b2c: Resource Dir: 0x17000 LB 0x450
8912f64.b2c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8922f64.b2c: [Raw version resource data: 0x17060 LB 0x3ec, codepage 0x0 (reserved 0x0)]
8932f64.b2c: ProductName: Coretech Delivery
8942f64.b2c: ProductVersion: 30.587.0.170-e30f0c58d6
8952f64.b2c: FileVersion: 30.587.0.170
8962f64.b2c: FileDescription: Keyboard Device Filter [fre_win7_x64]
8972f64.b2c: \SystemRoot\System32\drivers\klmouflt.sys:
8982f64.b2c: CreationTime: 2015-06-06T20:22:56.000000000Z
8992f64.b2c: LastWriteTime: 2021-02-19T10:08:58.000000000Z
9002f64.b2c: ChangeTime: 2021-04-10T10:39:46.293657900Z
9012f64.b2c: FileAttributes: 0x20
9022f64.b2c: Size: 0x1b908
9032f64.b2c: NT Headers: 0xe0
9042f64.b2c: Timestamp: 0x600ef6fe
9052f64.b2c: Machine: 0x8664 - amd64
9062f64.b2c: Timestamp: 0x600ef6fe
9072f64.b2c: Image Version: 6.1
9082f64.b2c: SizeOfImage: 0x1a000 (106496)
9092f64.b2c: Resource Dir: 0x18000 LB 0x448
9102f64.b2c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9112f64.b2c: [Raw version resource data: 0x18060 LB 0x3e8, codepage 0x0 (reserved 0x0)]
9122f64.b2c: ProductName: Coretech Delivery
9132f64.b2c: ProductVersion: 30.587.0.170-e30f0c58d6
9142f64.b2c: FileVersion: 30.587.0.170
9152f64.b2c: FileDescription: Mouse Device Filter [fre_win7_x64]
9162f64.b2c: \SystemRoot\System32\drivers\kneps.sys:
9172f64.b2c: CreationTime: 2015-06-23T13:00:50.000000000Z
9182f64.b2c: LastWriteTime: 2021-02-19T10:09:02.000000000Z
9192f64.b2c: ChangeTime: 2021-04-10T10:39:46.293657900Z
9202f64.b2c: FileAttributes: 0x20
9212f64.b2c: Size: 0x49708
9222f64.b2c: NT Headers: 0x100
9232f64.b2c: Timestamp: 0xceae8f0e
9242f64.b2c: Machine: 0x8664 - amd64
9252f64.b2c: Timestamp: 0xceae8f0e
9262f64.b2c: Image Version: 6.1
9272f64.b2c: SizeOfImage: 0x49000 (299008)
9282f64.b2c: Resource Dir: 0x46000 LB 0x440
9292f64.b2c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9302f64.b2c: [Raw version resource data: 0x46060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
9312f64.b2c: ProductName: Coretech Delivery
9322f64.b2c: ProductVersion: 30.587.0.460-f74872ca72
9332f64.b2c: FileVersion: 30.587.0.460
9342f64.b2c: FileDescription: Network Processor [fre_win7_x64]
9352f64.b2c: \SystemRoot\System32\klfphc.dll:
9362f64.b2c: CreationTime: 2016-06-07T11:01:17.966043900Z
9372f64.b2c: LastWriteTime: 2021-02-19T10:09:00.000000000Z
9382f64.b2c: ChangeTime: 2021-04-10T10:39:46.153062800Z
9392f64.b2c: FileAttributes: 0x20
9402f64.b2c: Size: 0x1ae60
9412f64.b2c: NT Headers: 0xe8
9422f64.b2c: Timestamp: 0x51873bf2
9432f64.b2c: Machine: 0x8664 - amd64
9442f64.b2c: Timestamp: 0x51873bf2
9452f64.b2c: Image Version: 0.0
9462f64.b2c: SizeOfImage: 0x1d000 (118784)
9472f64.b2c: Resource Dir: 0x18000 LB 0x3c80
9482f64.b2c: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
9492f64.b2c: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
9502f64.b2c: ProductName: Kaspersky™ Anti-Virus ®
9512f64.b2c: ProductVersion: 1.0.0.12
9522f64.b2c: FileVersion: 1.0.0.12
9532f64.b2c: FileDescription: Filtering Platform Helper Class
9542f64.b2c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
9552f64.b2c: Calling main()
9562f64.b2c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
9572f64.b2c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
9582f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
9592f64.b2c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
9602f64.b2c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
9612f64.b2c: SUPR3HardenedMain: Final process, opening VBoxDrv...
9622f64.b2c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c40000 LB 0x400000)
9632f64.b2c: supR3HardNtEnableThreadCreationEx:
9642f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
9652f64.b2c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
9662f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
9672f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9682f64.b2c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9692f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb77fe0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
9702f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9712f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9722f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9732f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb77fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9742f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9752f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9762f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb77fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9772f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb77fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9782f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9792f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
9802f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
9812f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
9822f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9832f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9842f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
9852f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9862f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9872f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9882f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
9892f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
9902f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9912f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7e420000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
9922f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9932f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7f4a0000 LB 0x0012b000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
9942f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9952f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7e000000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
9962f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9972f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7d910000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
9982f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
9992f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
10002f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7db20000 LB 0x0015f000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
10012f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
10022f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
10032f64.b2c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
10042f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10052f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7dc80000 'api-ms-win-core-synch-l1-2-0'
10062f64.b2c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
10072f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10082f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7dc80000 'api-ms-win-core-fibers-l1-1-1'
10092f64.b2c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
10102f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10112f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7dc80000 'api-ms-win-core-fibers-l1-1-1'
10122f64.b2c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
10132f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10142f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7dc80000 'api-ms-win-core-synch-l1-2-0'
10152f64.b2c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
10162f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10172f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7dc80000 'api-ms-win-core-localization-l1-2-1'
10182f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
10192f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
10202f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7d3d0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
10212f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10222f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e000000 'C:\WINDOWS\system32\Wintrust.dll'
10232f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
10242f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
10252f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10262f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7dfd0000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
10272f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10282f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7dfd0000 'C:\WINDOWS\system32\bcrypt.dll'
10292f64.b2c: bcrypt.dll loaded at 00007ffb7dfd0000, BCryptOpenAlgorithmProvider at 00007ffb7dfd51e0, preloading providers:
10302f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
10312f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
10322f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10332f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7df50000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
10342f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
10352f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7df50000 'C:\WINDOWS\system32\bcryptprimitives.dll'
10362f64.b2c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000113e980)
10372f64.b2c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000011415a0)
10382f64.b2c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000011418c0)
10392f64.b2c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001141be0)
10402f64.b2c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001141f00)
10412f64.b2c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001142220)
10422f64.b2c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001142540)
10432f64.b2c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001142860)
10442f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
10452f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
10462f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7d190000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
10472f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
10482f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
10492f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
10502f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
10512f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
10522f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
10532f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10542f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10552f64.b2c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10562f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7c8f0000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
10572f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10582f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
10592f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
10602f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
10612f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7d1b0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
10622f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
10632f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
10642f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10652f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fcb0000 'C:\WINDOWS\System32\kernel32.dll'
10662f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10672f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10682f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e000000 'C:\WINDOWS\System32\WINTRUST.DLL'
10692f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10702f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
10712f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\CRYPT32.dll'
10722f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7e100000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
10732f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
10742f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
10752f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10762f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10772f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
10782f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7e5a0000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
10792f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
10802f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
10812f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
10822f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10832f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
10842f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
10852f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
10862f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7c0d0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
10872f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
10882f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
10892f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
10902f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7d720000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
10912f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
10922f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10932f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
10942f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
10952f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
10962f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
10972f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
10982f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10992f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11002f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11012f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11022f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11032f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11042f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11052f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11062f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11072f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11082f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11092f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11102f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11112f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11122f64.b2c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11132f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb74d60000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
11142f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11152f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11162f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11172f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11182f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11192f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11202f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11212f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11222f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11232f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11242f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11252f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11262f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11272f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11282f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11292f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11302f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11312f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11322f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11332f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11342f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11352f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11362f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11372f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11382f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11392f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11402f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11412f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11422f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11432f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\WINDOWS\System32\cryptnet.dll'
11442f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11452f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74d60000 'C:\Windows\System32\cryptnet.dll'
11462f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7fdd0000 LB 0x000ac000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
11472f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11482f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
11492f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
11502f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
11512f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
11522f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11532f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11542f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11552f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11562f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
11572f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
11582f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
11592f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11602f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11612f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11622f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11632f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
11642f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11652f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11662f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
11672f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
11682f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000011ef100
11692f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011ef100
11702f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB4C767EAD168DFE18B4C6204DFA40BCDE70CA2D
11712f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11722f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11732f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7f4a0000 'C:\WINDOWS\System32\rpcrt4.dll'
11742f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
11752f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000011eebc0
11762f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011eebc0
11772f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=185CC6B1E9E60232766E04AF4B8ED37B7F061435DB4D1A5BE448D7127BF26199
11782f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
11792f64.b2c: g_pfnWinVerifyTrust=00007ffb7e001da0
11802f64.b2c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
11812f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11822f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11832f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
11842f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11852f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11862f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
11872f64.b2c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
11882f64.b2c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
11892f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11902f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11912f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
11922f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
11932f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11942f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
11952f64.b2c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
11962f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11972f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11982f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
11992f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
12002f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12012f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12022f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
12032f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12042f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12052f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12062f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
12072f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12082f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12092f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
12102f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12112f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12122f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12132f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
12142f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12152f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12162f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12172f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
12182f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12192f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12202f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12212f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
12222f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12232f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12242f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12252f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
12262f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12272f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12282f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12292f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
12302f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12312f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12322f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12332f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
12342f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12352f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12362f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
12372f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
12382f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12392f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12402f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
12412f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12422f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12432f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
12442f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12452f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12462f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
12472f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12482f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12492f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
12502f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12512f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12522f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
12532f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12542f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12552f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
12562f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12572f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12582f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
12592f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12602f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
12612f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12622f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
12632f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12642f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12652f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
12662f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
12672f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
12682f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
12692f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\system32\crypt32.dll'
12702f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
12712f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x41356fb015159200 CN=ApexTitan
12722f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
12732f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
12742f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
12752f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
12762f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
12772f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x6143bbda3ccdee00 CN=DESKTOP-HEFOKD1
12782f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
12792f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
12802f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
12812f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
12822f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
12832f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
12842f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xc374375d6021ce00 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate
12852f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
12862f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
12872f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
12882f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xa1e31e8b0211b600 C=US, O=Google Trust Services LLC, CN=GTS Root R1
12892f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
12902f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
12912f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
12922f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
12932f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
12942f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
12952f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
12962f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
12972f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
12982f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
12992f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
13002f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xcb7d2ba3dd0ff900 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
13012f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
13022f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
13032f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
13042f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
13052f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
13062f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
13072f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
13082f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
13092f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
13102f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
13112f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
13122f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
13132f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x4b24f9897ec7e300 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
13142f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
13152f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
13162f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
13172f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
13182f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
13192f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
13202f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
13212f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
13222f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
13232f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
13242f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
13252f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
13262f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
13272f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
13282f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
13292f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x41373d8936d79700 C=IN, O=India PKI, CN=CCA India 2015 SPL
13302f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
13312f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
13322f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
13332f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
13342f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
13352f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
13362f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
13372f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
13382f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
13392f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
13402f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
13412f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
13422f64.b2c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
13432f64.b2c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=73
13442f64.b2c: SUPR3HardenedMain: Load Runtime...
13452f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
13462f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
13472f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
13482f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
13492f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
13502f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13512f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
13522f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
13532f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
13542f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
13552f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
13562f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
13572f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
13582f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
13592f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
13602f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13612f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13622f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
13632f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13642f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13652f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
13662f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13672f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13682f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
13692f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
13702f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
13712f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
13722f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
13732f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13742f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13752f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
13762f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13772f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13782f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
13792f64.b2c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
13802f64.b2c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
13812f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
13822f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
13832f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
13842f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
13852f64.b2c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
13862f64.b2c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
13872f64.b2c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
13882f64.b2c: supR3HardenedDllNotificationCallback: load 0000000051e30000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
13892f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
13902f64.b2c: supR3HardenedDllNotificationCallback: load 0000000051d90000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
13912f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
13922f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb7ef30000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
13932f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
13942f64.b2c: supR3HardenedDllNotificationCallback: load 00007ffb24e40000 LB 0x005e2000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
13952f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
13962f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
13972f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
13982f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
13992f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14002f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14012f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14022f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14032f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14042f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14052f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14062f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14072f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14082f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14092f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14102f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14112f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14122f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14132f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14142f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14152f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14162f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14172f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14182f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14192f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14202f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14212f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14222f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14232f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14242f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14252f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14262f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14272f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14282f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14292f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14302f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14312f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14322f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14332f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14342f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14352f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14362f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14372f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14382f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14392f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14402f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14412f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14422f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14432f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14442f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14452f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14462f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14472f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14482f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14492f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14502f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14512f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14522f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14532f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14542f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14552f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14562f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14572f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14582f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14592f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14602f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14612f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14622f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14632f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14642f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14652f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14662f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14672f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14682f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14692f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14702f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14712f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14722f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14732f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14742f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14752f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14762f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14772f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14782f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14792f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14802f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14812f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14822f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14832f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14842f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14852f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14862f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14872f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14882f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14892f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14902f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14912f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14922f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14932f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14942f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14952f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14962f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14972f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14982f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14992f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15002f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15012f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15022f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15032f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15042f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15052f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15062f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15072f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15082f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15092f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15102f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15112f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15122f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15132f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15142f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15152f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15162f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15172f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15182f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15192f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15202f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15212f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15222f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15232f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15242f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15252f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15262f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15272f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15282f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15292f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15302f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15312f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15322f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15332f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15342f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15352f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15362f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15372f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15382f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15392f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15402f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15412f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15422f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15432f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15442f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15452f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15462f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15472f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15482f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15492f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15502f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15512f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15522f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15532f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15542f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15552f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15562f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15572f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15582f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15592f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15602f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15612f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15622f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15632f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15642f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15652f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15662f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15672f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15682f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15692f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15702f64.b2c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15712f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15722f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb24e40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15732f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
15742f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
15752f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
15762f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15772f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e000000 'C:\WINDOWS\system32\Wintrust.dll'
15782f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
15792f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
15802f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\system32\crypt32.dll'
15812f64.b2c: SUPR3HardenedMain: Load TrustedMain...
15822f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
15832f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
15842f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15852f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
15862f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
15872f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
15882f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
15892f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
15902f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
15912f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
15922f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
15932f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
15942f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
15952f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
15962f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
15972f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
15982f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
15992f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
16002f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16012f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16022f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16032f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
16042f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
16052f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16062f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
16072f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
16082f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16092f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16102f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16112f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16122f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
16132f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
16142f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
16152f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16162f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
16172f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
16182f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
16192f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
16202f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16212f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16222f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16232f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16242f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
16252f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16262f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16272f64.b2c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
16282f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
16292f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
16302f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
16312f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
16322f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
16332f64.b2c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
16342f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
16352f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
16362f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16372f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16382f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
16392f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
16402f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
16412f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
16422f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
16432f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
16442f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
16452f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
16462f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16472f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16482f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16492f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16502f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
16512f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16522f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16532f64.b2c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
16542f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
16552f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
16562f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
16572f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
16582f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16592f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16602f64.b2c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16612f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
16622f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
16632f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
16642f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16652f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16662f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16672f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16682f64.b2c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16692f64.b2c: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
16702f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
16712f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
16722f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16732f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16742f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16752f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16762f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16772f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
16782f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
16792f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
16802f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
16812f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
16822f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
16832f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
16842f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
16852f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
16862f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16872f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16882f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16892f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16902f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16912f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
16922f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
16932f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
16942f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
16952f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
16962f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
16972f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
16982f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16992f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
17002f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
17012f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
17022f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17032f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17042f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
17052f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17062f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17072f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
17082f64.b2c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
17092f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17102f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
17112f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
17122f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
17132f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
17142f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
17152f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
17162f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
17172f64.b2c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
17182f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17192f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17202f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17212f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
17222f64.b2c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
17232f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
17242f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
17252f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17262f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17272f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
17282f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17292f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17302f64.b2c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
17312f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17322f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
17332f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
17342f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
17352f64.b2c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17362f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
17372f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17382f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
17392f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
17402f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
17412f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17422f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17432f64.b2c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
17442f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
17452f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17462f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17472f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
17482f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17492f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17502f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
17512f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17522f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17532f64.b2c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17542f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
17552f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
17562f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
17572f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
17582f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
17592f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17602f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17612f64.b2c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
17622f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17632f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17642f64.b2c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
17652f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17662f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17672f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
17682f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17692f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17702f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17712f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17722f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17732f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
17742f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17752f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17762f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
17772f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17782f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17792f64.b2c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
17802f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17812f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17822f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
17832f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17842f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17852f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17862f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17872f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17882f64.b2c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
17892f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17902f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
17912f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17922f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
17932f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
17942f64.b2c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
17952f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
17962f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17972f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17982f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
17992f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18002f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18012f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
18022f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18032f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18042f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
18052f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
18062f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
18072f64.b2c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18082f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
18092f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
18102f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18112f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18122f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
18132f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18142f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18152f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18162f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18172f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18182f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
18192f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18202f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18212f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
18222f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18232f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18242f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
18252f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
18262f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
18272f64.b2c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18282f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18292f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
18302f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
18312f64.b2c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
18322f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
18332f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18342f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18352f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18362f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18372f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18382f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
18392f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18402f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18412f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18422f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18432f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18442f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
18452f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18462f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18472f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18482f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18492f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18502f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
18512f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18522f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18532f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
18542f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18552f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18562f64.b2c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
18572f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18582f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18592f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
18602f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18612f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18622f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
18632f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
18642f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
18652f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
18662f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
18672f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
18682f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
18692f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
18702f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
18712f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
18722f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18732f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18742f64.b2c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
18752f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18762f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18772f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
18782f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18792f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18802f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
18812f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18822f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18832f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
18842f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18852f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18862f64.b2c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
18872f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18882f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18892f64.b2c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
18902f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18912f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18922f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
18932f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18942f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18952f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18962f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
18972f64.b2c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
18982f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18992f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19002f64.b2c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
19012f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
19022f64.b2c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
19032f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19042f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19052f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
19062f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19072f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19082f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
19092f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19102f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19112f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
19122f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
19132f64.b2c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
19142f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
19152f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
19162f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
19172f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
19182f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
19192f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
19202f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19212f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
19222f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
19232f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
19242f64.b2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
19252f64.b2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
19262f64.b2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
19272f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19282f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19292f64.b2c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
19302f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
19312f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011ef100
19322f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011ef100
19332f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C9C10BF483A9E127A5FD41C0556C6B4E23A8F66
19342f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
19352f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000011eeec0
19362f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011eeec0
19372f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C9C10BF483A9E127A5FD41C0556C6B4E23A8F66
19382f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
19392f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011eebc0
19402f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011eebc0
19412f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=358ED9730ACD5FF942F804E1DE553F3FF75AACA7D03A683035BA531A830E3685
19422f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
19432f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000011ee380
19442f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011ee380
19452f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=358ED9730ACD5FF942F804E1DE553F3FF75AACA7D03A683035BA531A830E3685
19462f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
19472f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
19482f64.b2c: supR3HardenedScreenImage/Imports: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
19492f64.b2c: Error (rc=0):
19502f64.b2c: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume3\Windows\System32\opengl32.dll
19512f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19522f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19532f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19542f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19552f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
19562f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19572f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19582f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19592f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19602f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19612f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19622f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19632f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19642f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
19652f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
19662f64.b2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
19672f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19682f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
19692f64.b2c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
19702f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
19712f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
19722f64.b2c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
19732f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
19742f64.b2c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
19752f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19762f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19772f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19782f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19792f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19802f64.b2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19812f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19822f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19832f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19842f64.b2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19852f64.b2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
19862f64.b2c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
19872f64.b2c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
19882f64.b2c: Error (rc=0):
19892f64.b2c: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x10 fAccess=0xd cHits=3 \Device\HarddiskVolume3\Windows\System32\opengl32.dll
19902f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
19912f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
19922f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011eeec0
19932f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011eeec0
19942f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAB3F71746EFEEEE383BF91A5CE7637F78FF8670
19952f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
19962f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000011eee00
19972f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011eee00
19982f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAB3F71746EFEEEE383BF91A5CE7637F78FF8670
19992f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
20002f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011ee380
20012f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011ee380
20022f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=509E57B9E183774822166724C57A46FDE3B0961D23C37A1D35168C657A65ADD8
20032f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
20042f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000011ee800
20052f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011ee800
20062f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=509E57B9E183774822166724C57A46FDE3B0961D23C37A1D35168C657A65ADD8
20072f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
20082f64.b2c: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
20092f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll'
20102f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
20112f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
20122f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
20132f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
20142f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
20152f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
20162f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
20172f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
20182f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
20192f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
20202f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
20212f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
20222f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
20232f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
20242f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
20252f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\WINDOWS\system32\rsaenh.dll'
20262f64.b2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7db20000 'C:\WINDOWS\System32\crypt32.dll'
20272f64.b2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
20282f64.b2c: Fatal error:
20292f64.b2c: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBoxVM.dll" failed, rc=1790
20301554.2764: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2454 ms, the end);
203134c4.2d90: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3242 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy