2554.1edc: Log file opened: 6.0.4r128413 g_hStartupLog=0000000000000094 g_uNtVerCombined=0xa0479300 2554.1edc: \SystemRoot\System32\ntdll.dll: 2554.1edc: CreationTime: 2019-01-20T10:25:40.850445300Z 2554.1edc: LastWriteTime: 2019-01-20T10:25:40.850445300Z 2554.1edc: ChangeTime: 2019-01-25T10:44:49.426023800Z 2554.1edc: FileAttributes: 0x20 2554.1edc: Size: 0x1e8870 2554.1edc: NT Headers: 0xd8 2554.1edc: Timestamp: 0xaaee18ef 2554.1edc: Machine: 0x8664 - amd64 2554.1edc: Timestamp: 0xaaee18ef 2554.1edc: Image Version: 10.0 2554.1edc: SizeOfImage: 0x1f1000 (2035712) 2554.1edc: Resource Dir: 0x181000 LB 0x6efd0 2554.1edc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2554.1edc: [Raw version resource data: 0x1810f0 LB 0x380, codepage 0x0 (reserved 0x0)] 2554.1edc: ProductName: Microsoft® Windows® Operating System 2554.1edc: ProductVersion: 10.0.18323.1000 2554.1edc: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 2554.1edc: FileDescription: NT Layer DLL 2554.1edc: \SystemRoot\System32\kernel32.dll: 2554.1edc: CreationTime: 2019-01-20T10:25:07.031948900Z 2554.1edc: LastWriteTime: 2019-01-20T10:25:07.031948900Z 2554.1edc: ChangeTime: 2019-01-25T10:44:48.363034000Z 2554.1edc: FileAttributes: 0x20 2554.1edc: Size: 0xaee90 2554.1edc: NT Headers: 0xe8 2554.1edc: Timestamp: 0xf313bcfd 2554.1edc: Machine: 0x8664 - amd64 2554.1edc: Timestamp: 0xf313bcfd 2554.1edc: Image Version: 10.0 2554.1edc: SizeOfImage: 0xb2000 (729088) 2554.1edc: Resource Dir: 0xb0000 LB 0x520 2554.1edc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2554.1edc: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 2554.1edc: ProductName: Microsoft® Windows® Operating System 2554.1edc: ProductVersion: 10.0.18323.1000 2554.1edc: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 2554.1edc: FileDescription: Windows NT BASE API Client DLL 2554.1edc: \SystemRoot\System32\KernelBase.dll: 2554.1edc: CreationTime: 2019-01-20T10:25:40.991082700Z 2554.1edc: LastWriteTime: 2019-01-20T10:25:40.991082700Z 2554.1edc: ChangeTime: 2019-01-25T10:44:49.597900800Z 2554.1edc: FileAttributes: 0x20 2554.1edc: Size: 0x29fbc0 2554.1edc: NT Headers: 0xf8 2554.1edc: Timestamp: 0x2db87fbc 2554.1edc: Machine: 0x8664 - amd64 2554.1edc: Timestamp: 0x2db87fbc 2554.1edc: Image Version: 10.0 2554.1edc: SizeOfImage: 0x2a0000 (2752512) 2554.1edc: Resource Dir: 0x27b000 LB 0x548 2554.1edc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2554.1edc: [Raw version resource data: 0x27b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 2554.1edc: ProductName: Microsoft® Windows® Operating System 2554.1edc: ProductVersion: 10.0.18323.1000 2554.1edc: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 2554.1edc: FileDescription: Windows NT BASE API Client DLL 2554.1edc: \SystemRoot\System32\apisetschema.dll: 2554.1edc: CreationTime: 2019-01-20T10:25:01.842161500Z 2554.1edc: LastWriteTime: 2019-01-20T10:25:01.842161500Z 2554.1edc: ChangeTime: 2019-01-25T17:11:31.755841200Z 2554.1edc: FileAttributes: 0x20 2554.1edc: Size: 0x1bf30 2554.1edc: NT Headers: 0xc8 2554.1edc: Timestamp: 0x79709e8c 2554.1edc: Machine: 0x8664 - amd64 2554.1edc: Timestamp: 0x79709e8c 2554.1edc: Image Version: 10.0 2554.1edc: SizeOfImage: 0x1e000 (122880) 2554.1edc: Resource Dir: 0x1d000 LB 0x408 2554.1edc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2554.1edc: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 2554.1edc: ProductName: Microsoft® Windows® Operating System 2554.1edc: ProductVersion: 10.0.18323.1000 2554.1edc: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 2554.1edc: FileDescription: ApiSet Schema DLL 2554.1edc: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2554.1edc: supR3HardenedWinFindAdversaries: 0x0 2554.1edc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2554.1edc: Calling main() 2554.1edc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 2554.1edc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2554.1edc: SUPR3HardenedMain: Respawn #1 2554.1edc: System32: \Device\HarddiskVolume2\Windows\System32 2554.1edc: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 2554.1edc: KnownDllPath: C:\WINDOWS\System32 2554.1edc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2554.1edc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2554.1edc: supR3HardNtEnableThreadCreation: 2554.1edc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc6c5063d0 pvNtTerminateThread=00007ffc6c52d310 2554.1edc: supR3HardenedWinDoReSpawn(1): New child 2478.1c64 [kernel32]. 2554.1edc: supR3HardNtChildGatherData: PebBaseAddress=0000000000311000 cbPeb=0x388 2554.1edc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc6c490000 uNtDllChildAddr=00007ffc6c490000 2554.1edc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc6c5063d0 2554.1edc: supR3HardenedWinSetupChildInit: Start child. 2554.1edc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 118 ms. 2554.1edc: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 30 sleeps 2554.1edc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 2554.1edc: *0000000000000000-00000000001bffff 0x0001/0x0000 0x0000000 2554.1edc: *00000000001c0000-00000000001dffff 0x0004/0x0004 0x0020000 2554.1edc: *00000000001e0000-00000000001fafff 0x0002/0x0002 0x0040000 2554.1edc: 00000000001fb000-00000000001fffff 0x0001/0x0000 0x0000000 2554.1edc: *0000000000200000-0000000000310fff 0x0000/0x0004 0x0020000 2554.1edc: 0000000000311000-0000000000313fff 0x0004/0x0004 0x0020000 2554.1edc: 0000000000314000-00000000003fffff 0x0000/0x0004 0x0020000 2554.1edc: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000 2554.1edc: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000 2554.1edc: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000 2554.1edc: *0000000000500000-0000000000503fff 0x0002/0x0002 0x0040000 2554.1edc: 0000000000504000-000000000050ffff 0x0001/0x0000 0x0000000 2554.1edc: *0000000000510000-0000000000511fff 0x0004/0x0004 0x0020000 2554.1edc: 0000000000512000-000000007ffdffff 0x0001/0x0000 0x0000000 2554.1edc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 2554.1edc: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000 2554.1edc: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000 2554.1edc: 000000007ffeb000-00007ff5f6c9ffff 0x0001/0x0000 0x0000000 2554.1edc: *00007ff5f6ca0000-00007ff5f6ca0fff 0x0002/0x0002 0x0040000 2554.1edc: 00007ff5f6ca1000-00007ff5f6caffff 0x0001/0x0000 0x0000000 2554.1edc: *00007ff5f6cb0000-00007ff5f6cd2fff 0x0002/0x0002 0x0040000 2554.1edc: 00007ff5f6cd3000-00007ff72136ffff 0x0001/0x0000 0x0000000 2554.1edc: *00007ff721370000-00007ff721370fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2554.1edc: 00007ff721371000-00007ff7213e3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2554.1edc: 00007ff7213e4000-00007ff7213e4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2554.1edc: 00007ff7213e5000-00007ff72142bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2554.1edc: 00007ff72142c000-00007ff72142cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2554.1edc: 00007ff72142d000-00007ff72142dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2554.1edc: 00007ff72142e000-00007ff721432fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2554.1edc: 00007ff721433000-00007ff721433fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2554.1edc: 00007ff721434000-00007ff721434fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2554.1edc: 00007ff721435000-00007ff721438fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2554.1edc: 00007ff721439000-00007ff721481fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2554.1edc: 00007ff721482000-00007ffc6c48ffff 0x0001/0x0000 0x0000000 2554.1edc: *00007ffc6c490000-00007ffc6c490fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2554.1edc: 00007ffc6c491000-00007ffc6c5a8fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2554.1edc: 00007ffc6c5a9000-00007ffc6c5f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2554.1edc: 00007ffc6c5f1000-00007ffc6c5fcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2554.1edc: 00007ffc6c5fd000-00007ffc6c60bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2554.1edc: 00007ffc6c60c000-00007ffc6c60cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2554.1edc: 00007ffc6c60d000-00007ffc6c60ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2554.1edc: 00007ffc6c610000-00007ffc6c680fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2554.1edc: 00007ffc6c681000-00007ffffffeffff 0x0001/0x0000 0x0000000 2554.1edc: VirtualBoxVM.exe: timestamp 0x5c4b51f3 (rc=VINF_SUCCESS) 2554.1edc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2554.1edc: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xaaee18ef; retrying against current time: 0x5c513efd. 2554.1edc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 2554.1edc: supR3HardNtChildPurify: Done after 376 ms and 0 fixes (loop #0). 2478.1c64: Log file opened: 6.0.4r128413 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0479300 2478.1c64: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc6c490000 g_uNtVerCombined=0xa0479300 2478.1c64: ntdll.dll: timestamp 0xaaee18ef (rc=VINF_SUCCESS) 2478.1c64: New simple heap: #1 0000000000620000 LB 0x400000 (for 2035712 allocation) 2554.1edc: supR3HardNtEnableThreadCreation: 2478.1c64: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2478.1c64: System32: \Device\HarddiskVolume2\Windows\System32 2478.1c64: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 2478.1c64: KnownDllPath: C:\WINDOWS\System32 2478.1c64: supR3HardenedVmProcessInit: Opening vboxdrv stub... 2478.1c64: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 2478.1c64: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 2478.1c64: Registered Dll notification callback with NTDLL. 2478.1c64: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xf313bcfd; retrying against current time: 0x5c513efd. 2478.1c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 2478.1c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 2478.1c64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 2478.1c64: supR3HardenedDllNotificationCallback: load 00007ffc6a1f0000 LB 0x002a0000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 2478.1c64: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x2db87fbc; retrying against current time: 0x5c513efd. 2478.1c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 2478.1c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 2478.1c64: supR3HardenedDllNotificationCallback: load 00007ffc6c3a0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 2478.1c64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2478.1c64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6c3a0000 'C:\WINDOWS\System32\KERNEL32.DLL' 2478.1c64: supR3HardenedDllNotificationCallback: load 00007ff721370000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 2478.1c64: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2478.1c64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2478.1c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc6c5063d0 pvNtTerminateThread=00007ffc6c52d310 2554.1edc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 256 ms. 2478.1c64: \SystemRoot\System32\ntdll.dll: 2478.1c64: CreationTime: 2019-01-20T10:25:40.850445300Z 2478.1c64: LastWriteTime: 2019-01-20T10:25:40.850445300Z 2478.1c64: ChangeTime: 2019-01-25T10:44:49.426023800Z 2478.1c64: FileAttributes: 0x20 2478.1c64: Size: 0x1e8870 2478.1c64: NT Headers: 0xd8 2478.1c64: Timestamp: 0xaaee18ef 2478.1c64: Machine: 0x8664 - amd64 2478.1c64: Timestamp: 0xaaee18ef 2478.1c64: Image Version: 10.0 2478.1c64: SizeOfImage: 0x1f1000 (2035712) 2478.1c64: Resource Dir: 0x181000 LB 0x6efd0 2478.1c64: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2478.1c64: [Raw version resource data: 0x1810f0 LB 0x380, codepage 0x0 (reserved 0x0)] 2478.1c64: ProductName: Microsoft® Windows® Operating System 2478.1c64: ProductVersion: 10.0.18323.1000 2478.1c64: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 2478.1c64: FileDescription: NT Layer DLL 2478.1c64: \SystemRoot\System32\kernel32.dll: 2478.1c64: CreationTime: 2019-01-20T10:25:07.031948900Z 2478.1c64: LastWriteTime: 2019-01-20T10:25:07.031948900Z 2478.1c64: ChangeTime: 2019-01-25T10:44:48.363034000Z 2478.1c64: FileAttributes: 0x20 2478.1c64: Size: 0xaee90 2478.1c64: NT Headers: 0xe8 2478.1c64: Timestamp: 0xf313bcfd 2478.1c64: Machine: 0x8664 - amd64 2478.1c64: Timestamp: 0xf313bcfd 2478.1c64: Image Version: 10.0 2478.1c64: SizeOfImage: 0xb2000 (729088) 2478.1c64: Resource Dir: 0xb0000 LB 0x520 2478.1c64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2478.1c64: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 2478.1c64: ProductName: Microsoft® Windows® Operating System 2478.1c64: ProductVersion: 10.0.18323.1000 2478.1c64: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 2478.1c64: FileDescription: Windows NT BASE API Client DLL 2478.1c64: \SystemRoot\System32\KernelBase.dll: 2478.1c64: CreationTime: 2019-01-20T10:25:40.991082700Z 2478.1c64: LastWriteTime: 2019-01-20T10:25:40.991082700Z 2478.1c64: ChangeTime: 2019-01-25T10:44:49.597900800Z 2478.1c64: FileAttributes: 0x20 2478.1c64: Size: 0x29fbc0 2478.1c64: NT Headers: 0xf8 2478.1c64: Timestamp: 0x2db87fbc 2478.1c64: Machine: 0x8664 - amd64 2478.1c64: Timestamp: 0x2db87fbc 2478.1c64: Image Version: 10.0 2478.1c64: SizeOfImage: 0x2a0000 (2752512) 2478.1c64: Resource Dir: 0x27b000 LB 0x548 2478.1c64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2478.1c64: [Raw version resource data: 0x27b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 2478.1c64: ProductName: Microsoft® Windows® Operating System 2478.1c64: ProductVersion: 10.0.18323.1000 2478.1c64: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 2478.1c64: FileDescription: Windows NT BASE API Client DLL 2478.1c64: \SystemRoot\System32\apisetschema.dll: 2478.1c64: CreationTime: 2019-01-20T10:25:01.842161500Z 2478.1c64: LastWriteTime: 2019-01-20T10:25:01.842161500Z 2478.1c64: ChangeTime: 2019-01-25T17:11:31.755841200Z 2478.1c64: FileAttributes: 0x20 2478.1c64: Size: 0x1bf30 2478.1c64: NT Headers: 0xc8 2478.1c64: Timestamp: 0x79709e8c 2478.1c64: Machine: 0x8664 - amd64 2478.1c64: Timestamp: 0x79709e8c 2478.1c64: Image Version: 10.0 2478.1c64: SizeOfImage: 0x1e000 (122880) 2478.1c64: Resource Dir: 0x1d000 LB 0x408 2478.1c64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2478.1c64: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 2478.1c64: ProductName: Microsoft® Windows® Operating System 2478.1c64: ProductVersion: 10.0.18323.1000 2478.1c64: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 2478.1c64: FileDescription: ApiSet Schema DLL 2478.1c64: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2478.1c64: supR3HardenedWinFindAdversaries: 0x0 2478.1c64: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2478.1c64: Calling main() 2478.1c64: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 2478.1c64: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2478.1c64: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2478.1c64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2478.1c64: SUPR3HardenedMain: Respawn #2 2478.1c64: supR3HardNtEnableThreadCreation: 2478.1c64: supR3HardenedDllNotificationCallback: load 00007ffc6c220000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 2478.1c64: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x5eb3e5d0; retrying against current time: 0x5c513efd. 2478.1c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 2478.1c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 2478.1c64: supR3HardenedDllNotificationCallback: load 00007ffc6bd90000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 2478.1c64: \Device\HarddiskVolume2\Windows\System32\sechost.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xf1a8e747; retrying against current time: 0x5c513efd. 2478.1c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 2478.1c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 2478.1c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 2478.1c64: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xaaee18ef; retrying against current time: 0x5c513efd. 2478.1c64: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 2478.1c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) 2478.1c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2478.1c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2478.1c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2478.1c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2478.1c64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2478.1c64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6c490000 'C:\WINDOWS\System32\ntdll.dll' 2478.1c64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) 2478.1c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll 2478.1c64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 2478.1c64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 2478.1c64: supR3HardenedDllNotificationCallback: load 00007ffc674b0000 LB 0x0008f000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0] 2478.1c64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 2478.1c64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll [lacks WinVerifyTrust] 2478.1c64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2478.1c64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6c490000 'C:\WINDOWS\System32\ntdll.dll' 2478.1c64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc674b0000 'C:\WINDOWS\system32\apphelp.dll' 2478.1c64: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc6c5063d0 pvNtTerminateThread=00007ffc6c52d310 2478.1c64: supR3HardenedWinDoReSpawn(2): New child 4c0.1b10 [kernel32]. 2478.1c64: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 2478.1c64: supR3HardNtChildGatherData: PebBaseAddress=000000000039b000 cbPeb=0x388 2478.1c64: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc6c490000 uNtDllChildAddr=00007ffc6c490000 2478.1c64: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc6c5063d0 2478.1c64: supR3HardenedWinSetupChildInit: Start child. 2478.1c64: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 2478.1c64: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 30 sleeps 2478.1c64: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 2478.1c64: *0000000000000000-000000000014ffff 0x0001/0x0000 0x0000000 2478.1c64: *0000000000150000-000000000016ffff 0x0004/0x0004 0x0020000 2478.1c64: *0000000000170000-000000000018afff 0x0002/0x0002 0x0040000 2478.1c64: 000000000018b000-000000000018ffff 0x0001/0x0000 0x0000000 2478.1c64: *0000000000190000-0000000000193fff 0x0002/0x0002 0x0040000 2478.1c64: 0000000000194000-000000000019ffff 0x0001/0x0000 0x0000000 2478.1c64: *00000000001a0000-00000000001a1fff 0x0004/0x0004 0x0020000 2478.1c64: 00000000001a2000-00000000001fffff 0x0001/0x0000 0x0000000 2478.1c64: *0000000000200000-000000000039afff 0x0000/0x0004 0x0020000 2478.1c64: 000000000039b000-000000000039dfff 0x0004/0x0004 0x0020000 2478.1c64: 000000000039e000-00000000003fffff 0x0000/0x0004 0x0020000 2478.1c64: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000 2478.1c64: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000 2478.1c64: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000 2478.1c64: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000 2478.1c64: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 2478.1c64: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000 2478.1c64: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000 2478.1c64: 000000007ffeb000-00007ff596e3ffff 0x0001/0x0000 0x0000000 2478.1c64: *00007ff596e40000-00007ff596e40fff 0x0002/0x0002 0x0040000 2478.1c64: 00007ff596e41000-00007ff596e4ffff 0x0001/0x0000 0x0000000 2478.1c64: *00007ff596e50000-00007ff596e72fff 0x0002/0x0002 0x0040000 2478.1c64: 00007ff596e73000-00007ff72136ffff 0x0001/0x0000 0x0000000 2478.1c64: *00007ff721370000-00007ff721370fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: 00007ff721371000-00007ff7213e3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: 00007ff7213e4000-00007ff7213e4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: 00007ff7213e5000-00007ff72142bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: 00007ff72142c000-00007ff72142cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: 00007ff72142d000-00007ff72142dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: 00007ff72142e000-00007ff721432fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: 00007ff721433000-00007ff721433fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: 00007ff721434000-00007ff721434fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: 00007ff721435000-00007ff721438fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: 00007ff721439000-00007ff721481fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2478.1c64: 00007ff721482000-00007ffc6c48ffff 0x0001/0x0000 0x0000000 2478.1c64: *00007ffc6c490000-00007ffc6c490fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2478.1c64: 00007ffc6c491000-00007ffc6c5a8fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2478.1c64: 00007ffc6c5a9000-00007ffc6c5f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2478.1c64: 00007ffc6c5f1000-00007ffc6c5fcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2478.1c64: 00007ffc6c5fd000-00007ffc6c60bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2478.1c64: 00007ffc6c60c000-00007ffc6c60cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2478.1c64: 00007ffc6c60d000-00007ffc6c60ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2478.1c64: 00007ffc6c610000-00007ffc6c680fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2478.1c64: 00007ffc6c681000-00007ffffffeffff 0x0001/0x0000 0x0000000 2478.1c64: VirtualBoxVM.exe: timestamp 0x5c4b51f3 (rc=VINF_SUCCESS) 2478.1c64: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2478.1c64: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xaaee18ef; retrying against current time: 0x5c513efd. 2478.1c64: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 2478.1c64: supR3HardNtChildPurify: Done after 333 ms and 0 fixes (loop #0). 4c0.1b10: Log file opened: 6.0.4r128413 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0479300 4c0.1b10: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc6c490000 g_uNtVerCombined=0xa0479300 4c0.1b10: ntdll.dll: timestamp 0xaaee18ef (rc=VINF_SUCCESS) 4c0.1b10: New simple heap: #1 0000000000600000 LB 0x400000 (for 2035712 allocation) 2478.1c64: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000620000 LB 0x400000) 2478.1c64: supR3HardNtEnableThreadCreation: 4c0.1b10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 4c0.1b10: System32: \Device\HarddiskVolume2\Windows\System32 4c0.1b10: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 4c0.1b10: KnownDllPath: C:\WINDOWS\System32 4c0.1b10: supR3HardenedVmProcessInit: Opening vboxdrv... 4c0.1b10: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 4c0.1b10: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 4c0.1b10: Registered Dll notification callback with NTDLL. 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xf313bcfd; retrying against current time: 0x5c513efe. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6a1f0000 LB 0x002a0000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x2db87fbc; retrying against current time: 0x5c513efe. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6c3a0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6c3a0000 'C:\WINDOWS\System32\KERNEL32.DLL' 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ff721370000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 4c0.1b10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4c0.1b10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc6c5063d0 pvNtTerminateThread=00007ffc6c52d310 2478.1c64: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 301 ms. 4c0.1b10: \SystemRoot\System32\ntdll.dll: 4c0.1b10: CreationTime: 2019-01-20T10:25:40.850445300Z 4c0.1b10: LastWriteTime: 2019-01-20T10:25:40.850445300Z 4c0.1b10: ChangeTime: 2019-01-25T10:44:49.426023800Z 4c0.1b10: FileAttributes: 0x20 4c0.1b10: Size: 0x1e8870 4c0.1b10: NT Headers: 0xd8 4c0.1b10: Timestamp: 0xaaee18ef 4c0.1b10: Machine: 0x8664 - amd64 4c0.1b10: Timestamp: 0xaaee18ef 4c0.1b10: Image Version: 10.0 4c0.1b10: SizeOfImage: 0x1f1000 (2035712) 4c0.1b10: Resource Dir: 0x181000 LB 0x6efd0 4c0.1b10: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 4c0.1b10: [Raw version resource data: 0x1810f0 LB 0x380, codepage 0x0 (reserved 0x0)] 4c0.1b10: ProductName: Microsoft® Windows® Operating System 4c0.1b10: ProductVersion: 10.0.18323.1000 4c0.1b10: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 4c0.1b10: FileDescription: NT Layer DLL 4c0.1b10: \SystemRoot\System32\kernel32.dll: 4c0.1b10: CreationTime: 2019-01-20T10:25:07.031948900Z 4c0.1b10: LastWriteTime: 2019-01-20T10:25:07.031948900Z 4c0.1b10: ChangeTime: 2019-01-25T10:44:48.363034000Z 4c0.1b10: FileAttributes: 0x20 4c0.1b10: Size: 0xaee90 4c0.1b10: NT Headers: 0xe8 4c0.1b10: Timestamp: 0xf313bcfd 4c0.1b10: Machine: 0x8664 - amd64 4c0.1b10: Timestamp: 0xf313bcfd 4c0.1b10: Image Version: 10.0 4c0.1b10: SizeOfImage: 0xb2000 (729088) 4c0.1b10: Resource Dir: 0xb0000 LB 0x520 4c0.1b10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 4c0.1b10: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 4c0.1b10: ProductName: Microsoft® Windows® Operating System 4c0.1b10: ProductVersion: 10.0.18323.1000 4c0.1b10: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 4c0.1b10: FileDescription: Windows NT BASE API Client DLL 4c0.1b10: \SystemRoot\System32\KernelBase.dll: 4c0.1b10: CreationTime: 2019-01-20T10:25:40.991082700Z 4c0.1b10: LastWriteTime: 2019-01-20T10:25:40.991082700Z 4c0.1b10: ChangeTime: 2019-01-25T10:44:49.597900800Z 4c0.1b10: FileAttributes: 0x20 4c0.1b10: Size: 0x29fbc0 4c0.1b10: NT Headers: 0xf8 4c0.1b10: Timestamp: 0x2db87fbc 4c0.1b10: Machine: 0x8664 - amd64 4c0.1b10: Timestamp: 0x2db87fbc 4c0.1b10: Image Version: 10.0 4c0.1b10: SizeOfImage: 0x2a0000 (2752512) 4c0.1b10: Resource Dir: 0x27b000 LB 0x548 4c0.1b10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 4c0.1b10: [Raw version resource data: 0x27b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 4c0.1b10: ProductName: Microsoft® Windows® Operating System 4c0.1b10: ProductVersion: 10.0.18323.1000 4c0.1b10: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 4c0.1b10: FileDescription: Windows NT BASE API Client DLL 4c0.1b10: \SystemRoot\System32\apisetschema.dll: 4c0.1b10: CreationTime: 2019-01-20T10:25:01.842161500Z 4c0.1b10: LastWriteTime: 2019-01-20T10:25:01.842161500Z 4c0.1b10: ChangeTime: 2019-01-25T17:11:31.755841200Z 4c0.1b10: FileAttributes: 0x20 4c0.1b10: Size: 0x1bf30 4c0.1b10: NT Headers: 0xc8 4c0.1b10: Timestamp: 0x79709e8c 4c0.1b10: Machine: 0x8664 - amd64 4c0.1b10: Timestamp: 0x79709e8c 4c0.1b10: Image Version: 10.0 4c0.1b10: SizeOfImage: 0x1e000 (122880) 4c0.1b10: Resource Dir: 0x1d000 LB 0x408 4c0.1b10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 4c0.1b10: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 4c0.1b10: ProductName: Microsoft® Windows® Operating System 4c0.1b10: ProductVersion: 10.0.18323.1000 4c0.1b10: FileVersion: 10.0.18323.1000 (WinBuild.160101.0800) 4c0.1b10: FileDescription: ApiSet Schema DLL 4c0.1b10: NtOpenDirectoryObject failed on \Driver: 0xc0000022 4c0.1b10: supR3HardenedWinFindAdversaries: 0x0 4c0.1b10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 4c0.1b10: Calling main() 4c0.1b10: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 4c0.1b10: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 4c0.1b10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 4c0.1b10: SUPR3HardenedMain: Final process, opening VBoxDrv... 4c0.1b10: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000) 4c0.1b10: supR3HardNtEnableThreadCreation: 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc61180000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc61180000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc61180000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc61180000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\wintrust.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xcc388a4b; retrying against current time: 0x5c513efe. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x5eb3e5d0; retrying against current time: 0x5c513efe. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\crypt32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xb63a435c; retrying against current time: 0x5c513efe. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x345d7b1e; retrying against current time: 0x5c513efe. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xe8e00b5e; retrying against current time: 0x5c513efe. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6c180000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc693a0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc69f00000 LB 0x000fc000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x116447cf; retrying against current time: 0x5c513efe. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6a080000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6c220000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc69ea0000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a1f0000 'api-ms-win-core-synch-l1-2-0' 4c0.1b10: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a1f0000 'api-ms-win-core-fibers-l1-1-1' 4c0.1b10: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a1f0000 'api-ms-win-core-fibers-l1-1-1' 4c0.1b10: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a1f0000 'api-ms-win-core-synch-l1-2-0' 4c0.1b10: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a1f0000 'api-ms-win-core-localization-l1-2-1' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc69ea0000 'C:\WINDOWS\system32\Wintrust.dll' 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x6327313d; retrying against current time: 0x5c513efe. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6a530000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a530000 'C:\WINDOWS\system32\bcrypt.dll' 4c0.1b10: bcrypt.dll loaded at 00007ffc6a530000, BCryptOpenAlgorithmProvider at 00007ffc6a534bc0, preloading providers: 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xc2035b4f; retrying against current time: 0x5c513efe. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6a000000 LB 0x0007e000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a000000 'C:\WINDOWS\system32\bcryptprimitives.dll' 4c0.1b10: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000a8d650) 4c0.1b10: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000a8ebc0) 4c0.1b10: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000a8eec0) 4c0.1b10: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000a8f1c0) 4c0.1b10: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000a8f4c0) 4c0.1b10: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000a8f7c0) 4c0.1b10: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000a8fac0) 4c0.1b10: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000a8fdc0) 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6a1d0000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x24135c64; retrying against current time: 0x5c513efe. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xd7b020c2; retrying against current time: 0x5c513efe. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc687c0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xb0af72e7; retrying against current time: 0x5c513efe. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc68dd0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6c3a0000 'C:\WINDOWS\System32\kernel32.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc69ea0000 'C:\WINDOWS\System32\WINTRUST.DLL' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a080000 'C:\WINDOWS\System32\CRYPT32.dll' 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6b980000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x13bffc39; retrying against current time: 0x5c513efe. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6bd90000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\sechost.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xf1a8e747; retrying against current time: 0x5c513efe. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\gpapi.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xba0164d2; retrying against current time: 0x5c513efe. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc68000000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc693c0000 LB 0x0001d000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\profapi.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xffc9a48f; retrying against current time: 0x5c513efe. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc5ec70000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\WINDOWS\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5ec70000 'C:\Windows\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6c220000 'C:\WINDOWS\System32\rpcrt4.dll' 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6ab10000 LB 0x000a2000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\advapi32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xe2d893e3; retrying against current time: 0x5c513efe. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000aa3570 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000aa3570 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FAD11C1387988012BF602E69FB5E9321CAC71234 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18323.1000.cat'; file='\SystemRoot\System32\ntdll.dll' 4c0.1b10: g_pfnWinVerifyTrust=00007ffc69ea2600 4c0.1b10: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 4c0.1b10: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003bc pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000aa3570 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000aa3570 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ACA37BE0AAD010D8DD81FE688783E01B6CA214D5 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18323.1000.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a080000 'C:\WINDOWS\system32\crypt32.dll' 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xf8b8190b4080cd00 CN=NN112 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xdc182c1a688275f5 CN=NN112 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xe91088692047eebf CN=NN112 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x4f49db1a8fa9bdbb CN=NN112 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x4a658336f65f61ac CN=NN112 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xf76e35e78ca0b200 CN=DESKTOP-HSEKVU5 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x39bb496d7f0fc200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Development Root Certificate Authority 2014 4c0.1b10: supR3HardenedWinIsDesiredRootCA: Adding 0x90c7c28610d2ed15 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Development Root Certificate Authority 2018 4c0.1b10: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=52 4c0.1b10: SUPR3HardenedMain: Load Runtime... 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x5b18fc48; retrying against current time: 0x5c513eff. 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 0000000075ee0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 0000000075e40000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6aaa0000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc2a760000 LB 0x0052d000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 4c0.1b10: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2a760000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc69ea0000 'C:\WINDOWS\system32\Wintrust.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a080000 'C:\WINDOWS\system32\crypt32.dll' 4c0.1b10: SUPR3HardenedMain: Load TrustedMain... 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\winmm.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xd31e3ca4; retrying against current time: 0x5c513eff. 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x9af8175d; retrying against current time: 0x5c513eff. 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xd95535fd; retrying against current time: 0x5c513eff. 4c0.1b10: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\ole32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x69345e97; retrying against current time: 0x5c513f00. 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\combase.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xfb1bdf40; retrying against current time: 0x5c513f00. 4c0.1b10: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x2085286c; retrying against current time: 0x5c513f00. 4c0.1b10: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\user32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xb5f2ce93; retrying against current time: 0x5c513f00. 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\user32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xb5f2ce93; retrying against current time: 0x5c513f00. 4c0.1b10: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\gdi32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x3409d997; retrying against current time: 0x5c513f00. 4c0.1b10: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\win32u.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x65e1ccb6; retrying against current time: 0x5c513f00. 4c0.1b10: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'. 4c0.1b10: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\shell32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x166be67d; retrying against current time: 0x5c513f00. 4c0.1b10: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\mpr.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x3e2fd2bd; retrying against current time: 0x5c513f01. 4c0.1b10: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust] 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000aa3570 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000aa3570 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B7A4B0B06E6F741962386BC90F2A377901224A70 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18323.1000.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll' 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4c0.1b10: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\DXCore.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xe9af6ded; retrying against current time: 0x5c513f01. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DXCore.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DXCore.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc69be0000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6a490000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc69c60000 LB 0x0018f000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xd85ff23a; retrying against current time: 0x5c513f01. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6ba20000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6bfe0000 LB 0x00198000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6ba50000 LB 0x00338000 C:\WINDOWS\System32\combase.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc69c10000 LB 0x0004b000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xd774f447; retrying against current time: 0x5c513f01. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc68050000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DXCore.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc356b0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc33fc0000 LB 0x0014e000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6a940000 LB 0x000a7000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\SHCore.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xb63ab68c; retrying against current time: 0x5c513f01. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc69390000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\umpdc.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xab27050a; retrying against current time: 0x5c513f01. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\umpdc.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\umpdc.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc693e0000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\powrprof.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x274910d2; retrying against current time: 0x5c513f01. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6a6a0000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x793da4c4; retrying against current time: 0x5c513f01. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc69430000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x378d41cc; retrying against current time: 0x5c513f01. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc69450000 LB 0x00785000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x50039643; retrying against current time: 0x5c513f01. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6b2a0000 LB 0x006de000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6a7d0000 LB 0x00154000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc54fb0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 0000000075fc0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc1fe00000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00000000758d0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6b0a0000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc2a1a0000 LB 0x005b3000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 0000000075870000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc67450000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc67480000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc1b610000 LB 0x01f3c000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\umpdc.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\umpdc.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6c3a0000 'C:\WINDOWS\System32\kernel32.dll' 4c0.1b10: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a1f0000 'api-ms-win-core-string-l1-1-0' 4c0.1b10: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a1f0000 'api-ms-win-core-datetime-l1-1-1' 4c0.1b10: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a1f0000 'api-ms-win-core-localization-obsolete-l1-2-0' 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\imm32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xe5cbfc6c; retrying against current time: 0x5c513f02. 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust] 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. 4c0.1b10: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6a700000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a700000 'C:\WINDOWS\system32\IMM32.DLL' 4c0.1b10: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6ab10000 'C:\WINDOWS\System32\ADVAPI32.DLL' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b610000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll' 4c0.1b10: SUPR3HardenedMain: Calling TrustedMain (00007ffc1b6116c0)... 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [redoing WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc33d30000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc33d30000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000630 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000aa3570 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000aa3570 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A00EAF205AF50F625554C7E29297F5FC3FF338E 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18323.1000.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' 4c0.1b10: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc67760000 LB 0x0009a000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc67760000 'C:\WINDOWS\system32\uxtheme.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6bfe0000 'C:\WINDOWS\system32\user32.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6b2a0000 'C:\WINDOWS\system32\shell32.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a940000 'C:\WINDOWS\system32\SHCore.dll' 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc67480000 'C:\WINDOWS\system32\winmm.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc67480000 'C:\WINDOWS\system32\winmm.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6b2a0000 'C:\WINDOWS\system32\shell32.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc67760000 'C:\WINDOWS\system32\uxtheme.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6ab10000 'C:\WINDOWS\system32\advapi32.dll' 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\userenv.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x3ef7ae2d; retrying against current time: 0x5c513f02. 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc692b0000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0] 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc692b0000 'C:\WINDOWS\system32\userenv.dll' 4c0.1b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4c0.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6c3a0000 'C:\WINDOWS\System32\kernel32.dll' 4c0.1b10: supR3HardenedDllNotificationCallback: load 00007ffc6a9f0000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0] 4c0.1b10: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xe957c617; retrying against current time: 0x5c513f02. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4c0.1b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 4c0.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) 4c0.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 4c0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4c0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4c0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4c0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4c0.1a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll' 4c0.1a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll' 4c0.1a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc687c0000 'C:\WINDOWS\system32\rsaenh.dll'