2584.1660: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000070 g_uNtVerCombined=0xa0456300 2584.1660: \SystemRoot\System32\ntdll.dll: 2584.1660: CreationTime: 2019-10-26T06:25:21.218613600Z 2584.1660: LastWriteTime: 2019-10-26T06:25:21.374772900Z 2584.1660: ChangeTime: 2019-12-10T18:28:32.715327900Z 2584.1660: FileAttributes: 0x20 2584.1660: Size: 0x1e70e0 2584.1660: NT Headers: 0xe0 2584.1660: Timestamp: 0x1f1a0210 2584.1660: Machine: 0x8664 - amd64 2584.1660: Timestamp: 0x1f1a0210 2584.1660: Image Version: 10.0 2584.1660: SizeOfImage: 0x1ed000 (2019328) 2584.1660: Resource Dir: 0x17d000 LB 0x6eb48 2584.1660: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2584.1660: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 2584.1660: ProductName: Microsoft® Windows® Operating System 2584.1660: ProductVersion: 10.0.17763.831 2584.1660: FileVersion: 10.0.17763.831 (WinBuild.160101.0800) 2584.1660: FileDescription: NT Layer DLL 2584.1660: \SystemRoot\System32\kernel32.dll: 2584.1660: CreationTime: 2019-05-21T15:18:15.716327300Z 2584.1660: LastWriteTime: 2019-05-21T15:18:15.747064300Z 2584.1660: ChangeTime: 2019-12-10T18:28:32.668445800Z 2584.1660: FileAttributes: 0x20 2584.1660: Size: 0xb12c0 2584.1660: NT Headers: 0xe8 2584.1660: Timestamp: 0x250a0626 2584.1660: Machine: 0x8664 - amd64 2584.1660: Timestamp: 0x250a0626 2584.1660: Image Version: 10.0 2584.1660: SizeOfImage: 0xb3000 (733184) 2584.1660: Resource Dir: 0xb1000 LB 0x520 2584.1660: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2584.1660: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 2584.1660: ProductName: Microsoft® Windows® Operating System 2584.1660: ProductVersion: 10.0.17763.475 2584.1660: FileVersion: 10.0.17763.475 (WinBuild.160101.0800) 2584.1660: FileDescription: Windows NT BASE API Client DLL 2584.1660: \SystemRoot\System32\KernelBase.dll: 2584.1660: CreationTime: 2019-12-10T18:26:48.543167600Z 2584.1660: LastWriteTime: 2019-12-10T18:26:48.777623900Z 2584.1660: ChangeTime: 2019-12-10T19:01:12.208613700Z 2584.1660: FileAttributes: 0x20 2584.1660: Size: 0x2931f8 2584.1660: NT Headers: 0xf8 2584.1660: Timestamp: 0xfb6790ac 2584.1660: Machine: 0x8664 - amd64 2584.1660: Timestamp: 0xfb6790ac 2584.1660: Image Version: 10.0 2584.1660: SizeOfImage: 0x293000 (2699264) 2584.1660: Resource Dir: 0x26f000 LB 0x548 2584.1660: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2584.1660: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 2584.1660: ProductName: Microsoft® Windows® Operating System 2584.1660: ProductVersion: 10.0.17763.914 2584.1660: FileVersion: 10.0.17763.914 (WinBuild.160101.0800) 2584.1660: FileDescription: Windows NT BASE API Client DLL 2584.1660: \SystemRoot\System32\apisetschema.dll: 2584.1660: CreationTime: 2018-09-15T07:28:25.403122600Z 2584.1660: LastWriteTime: 2018-09-15T07:28:25.403122600Z 2584.1660: ChangeTime: 2019-08-01T13:38:31.956025100Z 2584.1660: FileAttributes: 0x20 2584.1660: Size: 0x1c738 2584.1660: NT Headers: 0xd0 2584.1660: Timestamp: 0x33775897 2584.1660: Machine: 0x8664 - amd64 2584.1660: Timestamp: 0x33775897 2584.1660: Image Version: 10.0 2584.1660: SizeOfImage: 0x1d000 (118784) 2584.1660: Resource Dir: 0x1c000 LB 0x408 2584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2584.1660: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 2584.1660: ProductName: Microsoft® Windows® Operating System 2584.1660: ProductVersion: 10.0.17763.1 2584.1660: FileVersion: 10.0.17763.1 (WinBuild.160101.0800) 2584.1660: FileDescription: ApiSet Schema DLL 2584.1660: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2584.1660: supR3HardenedWinFindAdversaries: 0x40 2584.1660: \SystemRoot\System32\drivers\klflt.sys: 2584.1660: CreationTime: 2019-08-05T11:58:31.714327500Z 2584.1660: LastWriteTime: 2019-10-31T09:59:01.548529300Z 2584.1660: ChangeTime: 2019-10-31T09:59:01.548529300Z 2584.1660: FileAttributes: 0x20 2584.1660: Size: 0x3d678 2584.1660: NT Headers: 0x100 2584.1660: Timestamp: 0xddaa7cbc 2584.1660: Machine: 0x8664 - amd64 2584.1660: Timestamp: 0xddaa7cbc 2584.1660: Image Version: 6.1 2584.1660: SizeOfImage: 0x4a000 (303104) 2584.1660: Resource Dir: 0x47000 LB 0x418 2584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2584.1660: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)] 2584.1660: ProductName: Coretech Delivery 2584.1660: ProductVersion: 30.112.90.0 2584.1660: FileVersion: 30.112.90.0 2584.1660: FileDescription: Filter Core [fre_win7_amd64] 2584.1660: \SystemRoot\System32\drivers\klif.sys: 2584.1660: CreationTime: 2019-08-05T11:58:31.848799700Z 2584.1660: LastWriteTime: 2019-10-31T09:59:01.803543200Z 2584.1660: ChangeTime: 2019-10-31T09:59:01.803543200Z 2584.1660: FileAttributes: 0x20 2584.1660: Size: 0xf3a80 2584.1660: NT Headers: 0xf8 2584.1660: Timestamp: 0x5da6282c 2584.1660: Machine: 0x8664 - amd64 2584.1660: Timestamp: 0x5da6282c 2584.1660: Image Version: 6.1 2584.1660: SizeOfImage: 0xf4000 (999424) 2584.1660: Resource Dir: 0xeb000 LB 0x33f8 2584.1660: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)] 2584.1660: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)] 2584.1660: ProductName: Coretech Delivery 2584.1660: ProductVersion: 30.112.90.0 2584.1660: FileVersion: 30.112.90.0 2584.1660: FileDescription: Core System Interceptors [fre_win7_amd64] 2584.1660: \SystemRoot\System32\drivers\klim6.sys: 2584.1660: CreationTime: 2019-03-19T02:21:06.000000000Z 2584.1660: LastWriteTime: 2019-03-19T02:21:06.000000000Z 2584.1660: ChangeTime: 2019-08-05T11:59:15.443759300Z 2584.1660: FileAttributes: 0x20 2584.1660: Size: 0xe350 2584.1660: NT Headers: 0xe0 2584.1660: Timestamp: 0x54ad405e 2584.1660: Machine: 0x8664 - amd64 2584.1660: Timestamp: 0x54ad405e 2584.1660: Image Version: 6.1 2584.1660: SizeOfImage: 0xb000 (45056) 2584.1660: Resource Dir: 0x9000 LB 0x430 2584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2584.1660: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)] 2584.1660: ProductName: Coretech Delivery 2584.1660: ProductVersion: 30.0.3724.0 2584.1660: FileVersion: 30.0.3724.0 2584.1660: FileDescription: Packet Network Filter [fre_win7_amd64] 2584.1660: \SystemRoot\System32\drivers\klkbdflt.sys: 2584.1660: CreationTime: 2019-03-17T21:11:30.000000000Z 2584.1660: LastWriteTime: 2019-03-17T21:11:30.000000000Z 2584.1660: ChangeTime: 2019-08-05T11:59:11.806205900Z 2584.1660: FileAttributes: 0x20 2584.1660: Size: 0x13550 2584.1660: NT Headers: 0xf8 2584.1660: Timestamp: 0x79cc11d7 2584.1660: Machine: 0x8664 - amd64 2584.1660: Timestamp: 0x79cc11d7 2584.1660: Image Version: 6.1 2584.1660: SizeOfImage: 0x12000 (73728) 2584.1660: Resource Dir: 0x10000 LB 0x438 2584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2584.1660: [Raw version resource data: 0x10060 LB 0x3d4, codepage 0x0 (reserved 0x0)] 2584.1660: ProductName: Coretech Delivery 2584.1660: ProductVersion: 30.0.3716.0 2584.1660: FileVersion: 30.0.3716.0 2584.1660: FileDescription: Keyboard Device Filter [fre_win7_amd64] 2584.1660: \SystemRoot\System32\drivers\klmouflt.sys: 2584.1660: CreationTime: 2019-03-17T20:50:34.000000000Z 2584.1660: LastWriteTime: 2019-03-17T20:50:34.000000000Z 2584.1660: ChangeTime: 2019-08-05T11:59:11.843009100Z 2584.1660: FileAttributes: 0x20 2584.1660: Size: 0xe878 2584.1660: NT Headers: 0xe8 2584.1660: Timestamp: 0xab7b625 2584.1660: Machine: 0x8664 - amd64 2584.1660: Timestamp: 0xab7b625 2584.1660: Image Version: 6.1 2584.1660: SizeOfImage: 0xe000 (57344) 2584.1660: Resource Dir: 0xc000 LB 0x430 2584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2584.1660: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)] 2584.1660: ProductName: Coretech Delivery 2584.1660: ProductVersion: 30.0.3716.0 2584.1660: FileVersion: 30.0.3716.0 2584.1660: FileDescription: Mouse Device Filter [fre_win7_amd64] 2584.1660: \SystemRoot\System32\drivers\kneps.sys: 2584.1660: CreationTime: 2019-03-18T21:31:38.000000000Z 2584.1660: LastWriteTime: 2019-03-18T21:31:38.000000000Z 2584.1660: ChangeTime: 2019-08-05T11:59:10.794405100Z 2584.1660: FileAttributes: 0x20 2584.1660: Size: 0x38b50 2584.1660: NT Headers: 0x108 2584.1660: Timestamp: 0x7aa255dc 2584.1660: Machine: 0x8664 - amd64 2584.1660: Timestamp: 0x7aa255dc 2584.1660: Image Version: 6.1 2584.1660: SizeOfImage: 0x38000 (229376) 2584.1660: Resource Dir: 0x35000 LB 0x428 2584.1660: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2584.1660: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)] 2584.1660: ProductName: Coretech Delivery 2584.1660: ProductVersion: 30.0.3731.0 2584.1660: FileVersion: 30.0.3731.0 2584.1660: FileDescription: Network Processor [fre_win7_amd64] 2584.1660: \SystemRoot\System32\klfphc.dll: 2584.1660: CreationTime: 2019-08-05T11:59:09.424175900Z 2584.1660: LastWriteTime: 2013-05-06T03:13:26.000000000Z 2584.1660: ChangeTime: 2019-08-05T11:58:46.331052700Z 2584.1660: FileAttributes: 0x20 2584.1660: Size: 0x1ae60 2584.1660: NT Headers: 0xe8 2584.1660: Timestamp: 0x51873bf2 2584.1660: Machine: 0x8664 - amd64 2584.1660: Timestamp: 0x51873bf2 2584.1660: Image Version: 0.0 2584.1660: SizeOfImage: 0x1d000 (118784) 2584.1660: Resource Dir: 0x18000 LB 0x3c80 2584.1660: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)] 2584.1660: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)] 2584.1660: ProductName: Kaspersky™ Anti-Virus ® 2584.1660: ProductVersion: 1.0.0.12 2584.1660: FileVersion: 1.0.0.12 2584.1660: FileDescription: Filtering Platform Helper Class 2584.1660: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2584.1660: Calling main() 2584.1660: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 2584.1660: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2584.1660: SUPR3HardenedMain: Respawn #1 2584.1660: System32: \Device\HarddiskVolume2\Windows\System32 2584.1660: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 2584.1660: KnownDllPath: C:\Windows\System32 2584.1660: supR3HardenedWinInit: Performing a limited self purification... 2584.1660: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 2584.1660: *0000000000000000-0000000000aeffff 0x0001/0x0000 0x0000000 2584.1660: *0000000000af0000-0000000000afffff 0x0004/0x0004 0x0040000 2584.1660: 0000000000b00000-0000000000b0ffff 0x0001/0x0000 0x0000000 2584.1660: *0000000000b10000-0000000000b29fff 0x0002/0x0002 0x0040000 2584.1660: 0000000000b2a000-0000000000b2ffff 0x0001/0x0000 0x0000000 2584.1660: *0000000000b30000-0000000000b33fff 0x0002/0x0002 0x0040000 2584.1660: 0000000000b34000-0000000000b3ffff 0x0001/0x0000 0x0000000 2584.1660: *0000000000b40000-0000000000b41fff 0x0004/0x0004 0x0020000 2584.1660: 0000000000b42000-0000000000b4ffff 0x0001/0x0000 0x0000000 2584.1660: *0000000000b50000-0000000000b51fff 0x0004/0x0004 0x0020000 2584.1660: 0000000000b52000-0000000000b69fff 0x0000/0x0004 0x0020000 2584.1660: 0000000000b6a000-0000000000bfffff 0x0001/0x0000 0x0000000 2584.1660: *0000000000c00000-0000000000daafff 0x0000/0x0004 0x0020000 2584.1660: 0000000000dab000-0000000000dadfff 0x0004/0x0004 0x0020000 2584.1660: 0000000000dae000-0000000000dfffff 0x0000/0x0004 0x0020000 2584.1660: *0000000000e00000-0000000000eb0fff 0x0000/0x0004 0x0020000 2584.1660: 0000000000eb1000-0000000000eb3fff 0x0104/0x0004 0x0020000 2584.1660: 0000000000eb4000-0000000000efffff 0x0004/0x0004 0x0020000 2584.1660: *0000000000f00000-0000000000fc4fff 0x0002/0x0002 0x0040000 2584.1660: 0000000000fc5000-0000000000fcffff 0x0001/0x0000 0x0000000 2584.1660: *0000000000fd0000-0000000000fecfff 0x0004/0x0004 0x0020000 2584.1660: 0000000000fed000-00000000010cffff 0x0000/0x0004 0x0020000 2584.1660: 00000000010d0000-00000000010dffff 0x0001/0x0000 0x0000000 2584.1660: *00000000010e0000-00000000010e4fff 0x0004/0x0004 0x0020000 2584.1660: 00000000010e5000-00000000011dffff 0x0000/0x0004 0x0020000 2584.1660: 00000000011e0000-000000000139ffff 0x0001/0x0000 0x0000000 2584.1660: *00000000013a0000-00000000013aefff 0x0004/0x0004 0x0020000 2584.1660: 00000000013af000-00000000013affff 0x0000/0x0004 0x0020000 2584.1660: *00000000013b0000-00000000013b5fff 0x0000/0x0004 0x0020000 2584.1660: 00000000013b6000-00000000015a3fff 0x0004/0x0004 0x0020000 2584.1660: 00000000015a4000-00000000015a4fff 0x0000/0x0004 0x0020000 2584.1660: 00000000015a5000-000000007ffdffff 0x0001/0x0000 0x0000000 2584.1660: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 2584.1660: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000 2584.1660: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000 2584.1660: 000000007ffe6000-00007ff4e20dffff 0x0001/0x0000 0x0000000 2584.1660: *00007ff4e20e0000-00007ff4e20e4fff 0x0002/0x0002 0x0040000 2584.1660: 00007ff4e20e5000-00007ff4e21dffff 0x0000/0x0002 0x0040000 2584.1660: *00007ff4e21e0000-00007ff5e21fffff 0x0000/0x0004 0x0020000 2584.1660: *00007ff5e2200000-00007ff5e41fffff 0x0000/0x0004 0x0020000 2584.1660: 00007ff5e4200000-00007ff5e4200fff 0x0004/0x0004 0x0020000 2584.1660: 00007ff5e4201000-00007ff5e420ffff 0x0001/0x0000 0x0000000 2584.1660: *00007ff5e4210000-00007ff5e4210fff 0x0002/0x0002 0x0040000 2584.1660: 00007ff5e4211000-00007ff5e421ffff 0x0001/0x0000 0x0000000 2584.1660: *00007ff5e4220000-00007ff5e4242fff 0x0002/0x0002 0x0040000 2584.1660: 00007ff5e4243000-00007ff74df7ffff 0x0001/0x0000 0x0000000 2584.1660: *00007ff74df80000-00007ff74df80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74df81000-00007ff74dff5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74dff6000-00007ff74dff6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74dff7000-00007ff74e03efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e03f000-00007ff74e041fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e042000-00007ff74e044fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e045000-00007ff74e047fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e048000-00007ff74e048fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e049000-00007ff74e04afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e04b000-00007ff74e04bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e04c000-00007ff74e094fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e095000-00007ff82aa7ffff 0x0001/0x0000 0x0000000 2584.1660: *00007ff82aa80000-00007ff82aa80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 2584.1660: 00007ff82aa81000-00007ff82ab83fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 2584.1660: 00007ff82ab84000-00007ff82acd9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 2584.1660: 00007ff82acda000-00007ff82acddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 2584.1660: 00007ff82acde000-00007ff82acdefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 2584.1660: 00007ff82acdf000-00007ff82ad12fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 2584.1660: 00007ff82ad13000-00007ff82ddbffff 0x0001/0x0000 0x0000000 2584.1660: *00007ff82ddc0000-00007ff82ddc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 2584.1660: 00007ff82ddc1000-00007ff82de36fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 2584.1660: 00007ff82de37000-00007ff82de68fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 2584.1660: 00007ff82de69000-00007ff82de69fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 2584.1660: 00007ff82de6a000-00007ff82de6afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 2584.1660: 00007ff82de6b000-00007ff82de72fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 2584.1660: 00007ff82de73000-00007ff82e6bffff 0x0001/0x0000 0x0000000 2584.1660: *00007ff82e6c0000-00007ff82e6c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e6c1000-00007ff82e7d7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e7d8000-00007ff82e81efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e81f000-00007ff82e81ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e820000-00007ff82e821fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e822000-00007ff82e829fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e82a000-00007ff82e8acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e8ad000-00007ffffffeffff 0x0001/0x0000 0x0000000 2584.1660: kernel32.dll: timestamp 0x250a0626 (rc=VINF_SUCCESS) 2584.1660: kernelbase.dll: timestamp 0xfb6790ac (rc=VINF_SUCCESS) 2584.1660: VirtualBoxVM.exe: timestamp 0x5d9f7c37 (rc=VINF_SUCCESS) 2584.1660: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2584.1660: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 2584.1660: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0 2584.1660: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2584.1660: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2584.1660: supR3HardNtEnableThreadCreationEx: 2584.1660: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff82e735660 pvNtTerminateThread=00007ff82e7601b0 2584.1660: supR3HardenedWinDoReSpawn(1): New child 2bf0.74c [kernel32]. 2584.1660: supR3HardNtChildGatherData: PebBaseAddress=00000000009ea000 cbPeb=0x388 2584.1660: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff82e6c0000 uNtDllChildAddr=00007ff82e6c0000 2584.1660: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff82e735660 2584.1660: supR3HardenedWinSetupChildInit: Start child. 2584.1660: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 2584.1660: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 32 sleeps 2584.1660: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 2584.1660: *0000000000000000-00000000006dffff 0x0001/0x0000 0x0000000 2584.1660: *00000000006e0000-00000000006fffff 0x0004/0x0004 0x0020000 2584.1660: *0000000000700000-0000000000719fff 0x0002/0x0002 0x0040000 2584.1660: 000000000071a000-000000000071ffff 0x0001/0x0000 0x0000000 2584.1660: *0000000000720000-0000000000723fff 0x0002/0x0002 0x0040000 2584.1660: 0000000000724000-000000000072ffff 0x0001/0x0000 0x0000000 2584.1660: *0000000000730000-0000000000731fff 0x0004/0x0004 0x0020000 2584.1660: 0000000000732000-00000000007fffff 0x0001/0x0000 0x0000000 2584.1660: *0000000000800000-00000000009e9fff 0x0000/0x0004 0x0020000 2584.1660: 00000000009ea000-00000000009ecfff 0x0004/0x0004 0x0020000 2584.1660: 00000000009ed000-00000000009fffff 0x0000/0x0004 0x0020000 2584.1660: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000 2584.1660: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000 2584.1660: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000 2584.1660: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000 2584.1660: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 2584.1660: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000 2584.1660: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000 2584.1660: 000000007ffe6000-00007ff58fa9ffff 0x0001/0x0000 0x0000000 2584.1660: *00007ff58faa0000-00007ff58faa0fff 0x0002/0x0002 0x0040000 2584.1660: 00007ff58faa1000-00007ff58faaffff 0x0001/0x0000 0x0000000 2584.1660: *00007ff58fab0000-00007ff58fad2fff 0x0002/0x0002 0x0040000 2584.1660: 00007ff58fad3000-00007ff74df7ffff 0x0001/0x0000 0x0000000 2584.1660: *00007ff74df80000-00007ff74df80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74df81000-00007ff74dff5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74dff6000-00007ff74dff6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74dff7000-00007ff74e03efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e03f000-00007ff74e03ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e040000-00007ff74e040fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e041000-00007ff74e045fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e046000-00007ff74e046fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e047000-00007ff74e047fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e048000-00007ff74e04bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e04c000-00007ff74e094fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2584.1660: 00007ff74e095000-00007ff82e6bffff 0x0001/0x0000 0x0000000 2584.1660: *00007ff82e6c0000-00007ff82e6c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e6c1000-00007ff82e7d7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e7d8000-00007ff82e81efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e81f000-00007ff82e829fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e82a000-00007ff82e837fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e838000-00007ff82e838fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e839000-00007ff82e83bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e83c000-00007ff82e8acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2584.1660: 00007ff82e8ad000-00007ffffffeffff 0x0001/0x0000 0x0000000 2584.1660: supR3HardNtChildPurify: Done after 516 ms and 0 fixes (loop #0). 2bf0.74c: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0456300 2bf0.74c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff82e6c0000 g_uNtVerCombined=0xa0456300 2bf0.74c: ntdll.dll: timestamp 0x1f1a0210 (rc=VINF_SUCCESS) 2bf0.74c: New simple heap: #1 0000000000c00000 LB 0x400000 (for 2019328 allocation) 2bf0.74c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2bf0.74c: System32: \Device\HarddiskVolume2\Windows\System32 2bf0.74c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 2584.1660: supR3HardNtEnableThreadCreationEx: 2bf0.74c: KnownDllPath: C:\Windows\System32 2bf0.74c: supR3HardenedVmProcessInit: Opening vboxdrv stub... 2bf0.74c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 2bf0.74c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 2bf0.74c: Registered Dll notification callback with NTDLL. 2bf0.74c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 2bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 2bf0.74c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 2bf0.74c: supR3HardenedDllNotificationCallback: load 00007ff82aa80000 LB 0x00293000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 2bf0.74c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 2bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 2bf0.74c: supR3HardenedDllNotificationCallback: load 00007ff82ddc0000 LB 0x000b3000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 2bf0.74c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2bf0.74c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82ddc0000 'C:\Windows\System32\KERNEL32.DLL' 2bf0.74c: supR3HardenedDllNotificationCallback: load 00007ff74df80000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 2bf0.74c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2bf0.74c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff82e735660 pvNtTerminateThread=00007ff82e7601b0 2584.1660: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms. 2bf0.74c: \SystemRoot\System32\ntdll.dll: 2bf0.74c: CreationTime: 2019-10-26T06:25:21.218613600Z 2bf0.74c: LastWriteTime: 2019-10-26T06:25:21.374772900Z 2bf0.74c: ChangeTime: 2019-12-10T18:28:32.715327900Z 2bf0.74c: FileAttributes: 0x20 2bf0.74c: Size: 0x1e70e0 2bf0.74c: NT Headers: 0xe0 2bf0.74c: Timestamp: 0x1f1a0210 2bf0.74c: Machine: 0x8664 - amd64 2bf0.74c: Timestamp: 0x1f1a0210 2bf0.74c: Image Version: 10.0 2bf0.74c: SizeOfImage: 0x1ed000 (2019328) 2bf0.74c: Resource Dir: 0x17d000 LB 0x6eb48 2bf0.74c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2bf0.74c: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 2bf0.74c: ProductName: Microsoft® Windows® Operating System 2bf0.74c: ProductVersion: 10.0.17763.831 2bf0.74c: FileVersion: 10.0.17763.831 (WinBuild.160101.0800) 2bf0.74c: FileDescription: NT Layer DLL 2bf0.74c: \SystemRoot\System32\kernel32.dll: 2bf0.74c: CreationTime: 2019-05-21T15:18:15.716327300Z 2bf0.74c: LastWriteTime: 2019-05-21T15:18:15.747064300Z 2bf0.74c: ChangeTime: 2019-12-10T18:28:32.668445800Z 2bf0.74c: FileAttributes: 0x20 2bf0.74c: Size: 0xb12c0 2bf0.74c: NT Headers: 0xe8 2bf0.74c: Timestamp: 0x250a0626 2bf0.74c: Machine: 0x8664 - amd64 2bf0.74c: Timestamp: 0x250a0626 2bf0.74c: Image Version: 10.0 2bf0.74c: SizeOfImage: 0xb3000 (733184) 2bf0.74c: Resource Dir: 0xb1000 LB 0x520 2bf0.74c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2bf0.74c: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 2bf0.74c: ProductName: Microsoft® Windows® Operating System 2bf0.74c: ProductVersion: 10.0.17763.475 2bf0.74c: FileVersion: 10.0.17763.475 (WinBuild.160101.0800) 2bf0.74c: FileDescription: Windows NT BASE API Client DLL 2bf0.74c: \SystemRoot\System32\KernelBase.dll: 2bf0.74c: CreationTime: 2019-12-10T18:26:48.543167600Z 2bf0.74c: LastWriteTime: 2019-12-10T18:26:48.777623900Z 2bf0.74c: ChangeTime: 2019-12-10T19:01:12.208613700Z 2bf0.74c: FileAttributes: 0x20 2bf0.74c: Size: 0x2931f8 2bf0.74c: NT Headers: 0xf8 2bf0.74c: Timestamp: 0xfb6790ac 2bf0.74c: Machine: 0x8664 - amd64 2bf0.74c: Timestamp: 0xfb6790ac 2bf0.74c: Image Version: 10.0 2bf0.74c: SizeOfImage: 0x293000 (2699264) 2bf0.74c: Resource Dir: 0x26f000 LB 0x548 2bf0.74c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2bf0.74c: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 2bf0.74c: ProductName: Microsoft® Windows® Operating System 2bf0.74c: ProductVersion: 10.0.17763.914 2bf0.74c: FileVersion: 10.0.17763.914 (WinBuild.160101.0800) 2bf0.74c: FileDescription: Windows NT BASE API Client DLL 2bf0.74c: \SystemRoot\System32\apisetschema.dll: 2bf0.74c: CreationTime: 2018-09-15T07:28:25.403122600Z 2bf0.74c: LastWriteTime: 2018-09-15T07:28:25.403122600Z 2bf0.74c: ChangeTime: 2019-08-01T13:38:31.956025100Z 2bf0.74c: FileAttributes: 0x20 2bf0.74c: Size: 0x1c738 2bf0.74c: NT Headers: 0xd0 2bf0.74c: Timestamp: 0x33775897 2bf0.74c: Machine: 0x8664 - amd64 2bf0.74c: Timestamp: 0x33775897 2bf0.74c: Image Version: 10.0 2bf0.74c: SizeOfImage: 0x1d000 (118784) 2bf0.74c: Resource Dir: 0x1c000 LB 0x408 2bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2bf0.74c: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 2bf0.74c: ProductName: Microsoft® Windows® Operating System 2bf0.74c: ProductVersion: 10.0.17763.1 2bf0.74c: FileVersion: 10.0.17763.1 (WinBuild.160101.0800) 2bf0.74c: FileDescription: ApiSet Schema DLL 2bf0.74c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2bf0.74c: supR3HardenedWinFindAdversaries: 0x40 2bf0.74c: \SystemRoot\System32\drivers\klflt.sys: 2bf0.74c: CreationTime: 2019-08-05T11:58:31.714327500Z 2bf0.74c: LastWriteTime: 2019-10-31T09:59:01.548529300Z 2bf0.74c: ChangeTime: 2019-10-31T09:59:01.548529300Z 2bf0.74c: FileAttributes: 0x20 2bf0.74c: Size: 0x3d678 2bf0.74c: NT Headers: 0x100 2bf0.74c: Timestamp: 0xddaa7cbc 2bf0.74c: Machine: 0x8664 - amd64 2bf0.74c: Timestamp: 0xddaa7cbc 2bf0.74c: Image Version: 6.1 2bf0.74c: SizeOfImage: 0x4a000 (303104) 2bf0.74c: Resource Dir: 0x47000 LB 0x418 2bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2bf0.74c: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)] 2bf0.74c: ProductName: Coretech Delivery 2bf0.74c: ProductVersion: 30.112.90.0 2bf0.74c: FileVersion: 30.112.90.0 2bf0.74c: FileDescription: Filter Core [fre_win7_amd64] 2bf0.74c: \SystemRoot\System32\drivers\klif.sys: 2bf0.74c: CreationTime: 2019-08-05T11:58:31.848799700Z 2bf0.74c: LastWriteTime: 2019-10-31T09:59:01.803543200Z 2bf0.74c: ChangeTime: 2019-10-31T09:59:01.803543200Z 2bf0.74c: FileAttributes: 0x20 2bf0.74c: Size: 0xf3a80 2bf0.74c: NT Headers: 0xf8 2bf0.74c: Timestamp: 0x5da6282c 2bf0.74c: Machine: 0x8664 - amd64 2bf0.74c: Timestamp: 0x5da6282c 2bf0.74c: Image Version: 6.1 2bf0.74c: SizeOfImage: 0xf4000 (999424) 2bf0.74c: Resource Dir: 0xeb000 LB 0x33f8 2bf0.74c: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)] 2bf0.74c: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)] 2bf0.74c: ProductName: Coretech Delivery 2bf0.74c: ProductVersion: 30.112.90.0 2bf0.74c: FileVersion: 30.112.90.0 2bf0.74c: FileDescription: Core System Interceptors [fre_win7_amd64] 2bf0.74c: \SystemRoot\System32\drivers\klim6.sys: 2bf0.74c: CreationTime: 2019-03-19T02:21:06.000000000Z 2bf0.74c: LastWriteTime: 2019-03-19T02:21:06.000000000Z 2bf0.74c: ChangeTime: 2019-08-05T11:59:15.443759300Z 2bf0.74c: FileAttributes: 0x20 2bf0.74c: Size: 0xe350 2bf0.74c: NT Headers: 0xe0 2bf0.74c: Timestamp: 0x54ad405e 2bf0.74c: Machine: 0x8664 - amd64 2bf0.74c: Timestamp: 0x54ad405e 2bf0.74c: Image Version: 6.1 2bf0.74c: SizeOfImage: 0xb000 (45056) 2bf0.74c: Resource Dir: 0x9000 LB 0x430 2bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2bf0.74c: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)] 2bf0.74c: ProductName: Coretech Delivery 2bf0.74c: ProductVersion: 30.0.3724.0 2bf0.74c: FileVersion: 30.0.3724.0 2bf0.74c: FileDescription: Packet Network Filter [fre_win7_amd64] 2bf0.74c: \SystemRoot\System32\drivers\klkbdflt.sys: 2bf0.74c: CreationTime: 2019-03-17T21:11:30.000000000Z 2bf0.74c: LastWriteTime: 2019-03-17T21:11:30.000000000Z 2bf0.74c: ChangeTime: 2019-08-05T11:59:11.806205900Z 2bf0.74c: FileAttributes: 0x20 2bf0.74c: Size: 0x13550 2bf0.74c: NT Headers: 0xf8 2bf0.74c: Timestamp: 0x79cc11d7 2bf0.74c: Machine: 0x8664 - amd64 2bf0.74c: Timestamp: 0x79cc11d7 2bf0.74c: Image Version: 6.1 2bf0.74c: SizeOfImage: 0x12000 (73728) 2bf0.74c: Resource Dir: 0x10000 LB 0x438 2bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2bf0.74c: [Raw version resource data: 0x10060 LB 0x3d4, codepage 0x0 (reserved 0x0)] 2bf0.74c: ProductName: Coretech Delivery 2bf0.74c: ProductVersion: 30.0.3716.0 2bf0.74c: FileVersion: 30.0.3716.0 2bf0.74c: FileDescription: Keyboard Device Filter [fre_win7_amd64] 2bf0.74c: \SystemRoot\System32\drivers\klmouflt.sys: 2bf0.74c: CreationTime: 2019-03-17T20:50:34.000000000Z 2bf0.74c: LastWriteTime: 2019-03-17T20:50:34.000000000Z 2bf0.74c: ChangeTime: 2019-08-05T11:59:11.843009100Z 2bf0.74c: FileAttributes: 0x20 2bf0.74c: Size: 0xe878 2bf0.74c: NT Headers: 0xe8 2bf0.74c: Timestamp: 0xab7b625 2bf0.74c: Machine: 0x8664 - amd64 2bf0.74c: Timestamp: 0xab7b625 2bf0.74c: Image Version: 6.1 2bf0.74c: SizeOfImage: 0xe000 (57344) 2bf0.74c: Resource Dir: 0xc000 LB 0x430 2bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2bf0.74c: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)] 2bf0.74c: ProductName: Coretech Delivery 2bf0.74c: ProductVersion: 30.0.3716.0 2bf0.74c: FileVersion: 30.0.3716.0 2bf0.74c: FileDescription: Mouse Device Filter [fre_win7_amd64] 2bf0.74c: \SystemRoot\System32\drivers\kneps.sys: 2bf0.74c: CreationTime: 2019-03-18T21:31:38.000000000Z 2bf0.74c: LastWriteTime: 2019-03-18T21:31:38.000000000Z 2bf0.74c: ChangeTime: 2019-08-05T11:59:10.794405100Z 2bf0.74c: FileAttributes: 0x20 2bf0.74c: Size: 0x38b50 2bf0.74c: NT Headers: 0x108 2bf0.74c: Timestamp: 0x7aa255dc 2bf0.74c: Machine: 0x8664 - amd64 2bf0.74c: Timestamp: 0x7aa255dc 2bf0.74c: Image Version: 6.1 2bf0.74c: SizeOfImage: 0x38000 (229376) 2bf0.74c: Resource Dir: 0x35000 LB 0x428 2bf0.74c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2bf0.74c: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)] 2bf0.74c: ProductName: Coretech Delivery 2bf0.74c: ProductVersion: 30.0.3731.0 2bf0.74c: FileVersion: 30.0.3731.0 2bf0.74c: FileDescription: Network Processor [fre_win7_amd64] 2bf0.74c: \SystemRoot\System32\klfphc.dll: 2bf0.74c: CreationTime: 2019-08-05T11:59:09.424175900Z 2bf0.74c: LastWriteTime: 2013-05-06T03:13:26.000000000Z 2bf0.74c: ChangeTime: 2019-08-05T11:58:46.331052700Z 2bf0.74c: FileAttributes: 0x20 2bf0.74c: Size: 0x1ae60 2bf0.74c: NT Headers: 0xe8 2bf0.74c: Timestamp: 0x51873bf2 2bf0.74c: Machine: 0x8664 - amd64 2bf0.74c: Timestamp: 0x51873bf2 2bf0.74c: Image Version: 0.0 2bf0.74c: SizeOfImage: 0x1d000 (118784) 2bf0.74c: Resource Dir: 0x18000 LB 0x3c80 2bf0.74c: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)] 2bf0.74c: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)] 2bf0.74c: ProductName: Kaspersky™ Anti-Virus ® 2bf0.74c: ProductVersion: 1.0.0.12 2bf0.74c: FileVersion: 1.0.0.12 2bf0.74c: FileDescription: Filtering Platform Helper Class 2bf0.74c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2bf0.74c: Calling main() 2bf0.74c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 2bf0.74c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2bf0.74c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2bf0.74c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2bf0.74c: SUPR3HardenedMain: Respawn #2 2bf0.74c: supR3HardNtEnableThreadCreationEx: 2bf0.74c: supR3HardenedDllNotificationCallback: load 00007ff82b9b0000 LB 0x00122000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0] 2bf0.74c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 2bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 2bf0.74c: supR3HardenedDllNotificationCallback: load 00007ff82bae0000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0] 2bf0.74c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 2bf0.74c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 2bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 2bf0.74c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 2bf0.74c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) 2bf0.74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2bf0.74c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2bf0.74c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2bf0.74c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2bf0.74c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2bf0.74c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82e6c0000 'C:\Windows\System32\ntdll.dll' 2bf0.74c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff82e735660 pvNtTerminateThread=00007ff82e7601b0 2bf0.74c: supR3HardenedWinDoReSpawn(2): New child 2e8c.3184 [kernel32]. 2bf0.74c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 2bf0.74c: supR3HardNtChildGatherData: PebBaseAddress=00000000002e4000 cbPeb=0x388 2bf0.74c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff82e6c0000 uNtDllChildAddr=00007ff82e6c0000 2bf0.74c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff82e735660 2bf0.74c: supR3HardenedWinSetupChildInit: Start child. 2bf0.74c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 2bf0.74c: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps 2bf0.74c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 2bf0.74c: *0000000000000000-000000000014ffff 0x0001/0x0000 0x0000000 2bf0.74c: *0000000000150000-000000000016ffff 0x0004/0x0004 0x0020000 2bf0.74c: *0000000000170000-0000000000189fff 0x0002/0x0002 0x0040000 2bf0.74c: 000000000018a000-000000000018ffff 0x0001/0x0000 0x0000000 2bf0.74c: *0000000000190000-0000000000193fff 0x0002/0x0002 0x0040000 2bf0.74c: 0000000000194000-000000000019ffff 0x0001/0x0000 0x0000000 2bf0.74c: *00000000001a0000-00000000001a1fff 0x0004/0x0004 0x0020000 2bf0.74c: 00000000001a2000-00000000001fffff 0x0001/0x0000 0x0000000 2bf0.74c: *0000000000200000-00000000002e3fff 0x0000/0x0004 0x0020000 2bf0.74c: 00000000002e4000-00000000002e6fff 0x0004/0x0004 0x0020000 2bf0.74c: 00000000002e7000-00000000003fffff 0x0000/0x0004 0x0020000 2bf0.74c: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000 2bf0.74c: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000 2bf0.74c: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000 2bf0.74c: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000 2bf0.74c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 2bf0.74c: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000 2bf0.74c: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000 2bf0.74c: 000000007ffe6000-00007ff55d2dffff 0x0001/0x0000 0x0000000 2bf0.74c: *00007ff55d2e0000-00007ff55d2e0fff 0x0002/0x0002 0x0040000 2bf0.74c: 00007ff55d2e1000-00007ff55d2effff 0x0001/0x0000 0x0000000 2bf0.74c: *00007ff55d2f0000-00007ff55d312fff 0x0002/0x0002 0x0040000 2bf0.74c: 00007ff55d313000-00007ff74df7ffff 0x0001/0x0000 0x0000000 2bf0.74c: *00007ff74df80000-00007ff74df80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: 00007ff74df81000-00007ff74dff5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: 00007ff74dff6000-00007ff74dff6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: 00007ff74dff7000-00007ff74e03efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: 00007ff74e03f000-00007ff74e03ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: 00007ff74e040000-00007ff74e040fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: 00007ff74e041000-00007ff74e045fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: 00007ff74e046000-00007ff74e046fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: 00007ff74e047000-00007ff74e047fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: 00007ff74e048000-00007ff74e04bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: 00007ff74e04c000-00007ff74e094fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2bf0.74c: 00007ff74e095000-00007ff82e6bffff 0x0001/0x0000 0x0000000 2bf0.74c: *00007ff82e6c0000-00007ff82e6c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2bf0.74c: 00007ff82e6c1000-00007ff82e7d7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2bf0.74c: 00007ff82e7d8000-00007ff82e81efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2bf0.74c: 00007ff82e81f000-00007ff82e829fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2bf0.74c: 00007ff82e82a000-00007ff82e837fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2bf0.74c: 00007ff82e838000-00007ff82e838fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2bf0.74c: 00007ff82e839000-00007ff82e83bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2bf0.74c: 00007ff82e83c000-00007ff82e8acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 2bf0.74c: 00007ff82e8ad000-00007ffffffeffff 0x0001/0x0000 0x0000000 2bf0.74c: VirtualBoxVM.exe: timestamp 0x5d9f7c37 (rc=VINF_SUCCESS) 2bf0.74c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2bf0.74c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 2bf0.74c: supR3HardNtChildPurify: Done after 562 ms and 0 fixes (loop #0). 2e8c.3184: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0456300 2e8c.3184: supR3HardenedVmProcessInit: uNtDllAddr=00007ff82e6c0000 g_uNtVerCombined=0xa0456300 2e8c.3184: ntdll.dll: timestamp 0x1f1a0210 (rc=VINF_SUCCESS) 2e8c.3184: New simple heap: #1 0000000000600000 LB 0x400000 (for 2019328 allocation) 2bf0.74c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000) 2bf0.74c: supR3HardNtEnableThreadCreationEx: 2e8c.3184: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2e8c.3184: System32: \Device\HarddiskVolume2\Windows\System32 2e8c.3184: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 2e8c.3184: KnownDllPath: C:\Windows\System32 2e8c.3184: supR3HardenedVmProcessInit: Opening vboxdrv... 2e8c.3184: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 2e8c.3184: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 2e8c.3184: Registered Dll notification callback with NTDLL. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82aa80000 LB 0x00293000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82ddc0000 LB 0x000b3000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82ddc0000 'C:\Windows\System32\KERNEL32.DLL' 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff74df80000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 2e8c.3184: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e8c.3184: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff82e735660 pvNtTerminateThread=00007ff82e7601b0 2bf0.74c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms. 2e8c.3184: \SystemRoot\System32\ntdll.dll: 2e8c.3184: CreationTime: 2019-10-26T06:25:21.218613600Z 2e8c.3184: LastWriteTime: 2019-10-26T06:25:21.374772900Z 2e8c.3184: ChangeTime: 2019-12-10T18:28:32.715327900Z 2e8c.3184: FileAttributes: 0x20 2e8c.3184: Size: 0x1e70e0 2e8c.3184: NT Headers: 0xe0 2e8c.3184: Timestamp: 0x1f1a0210 2e8c.3184: Machine: 0x8664 - amd64 2e8c.3184: Timestamp: 0x1f1a0210 2e8c.3184: Image Version: 10.0 2e8c.3184: SizeOfImage: 0x1ed000 (2019328) 2e8c.3184: Resource Dir: 0x17d000 LB 0x6eb48 2e8c.3184: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e8c.3184: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 2e8c.3184: ProductName: Microsoft® Windows® Operating System 2e8c.3184: ProductVersion: 10.0.17763.831 2e8c.3184: FileVersion: 10.0.17763.831 (WinBuild.160101.0800) 2e8c.3184: FileDescription: NT Layer DLL 2e8c.3184: \SystemRoot\System32\kernel32.dll: 2e8c.3184: CreationTime: 2019-05-21T15:18:15.716327300Z 2e8c.3184: LastWriteTime: 2019-05-21T15:18:15.747064300Z 2e8c.3184: ChangeTime: 2019-12-10T18:28:32.668445800Z 2e8c.3184: FileAttributes: 0x20 2e8c.3184: Size: 0xb12c0 2e8c.3184: NT Headers: 0xe8 2e8c.3184: Timestamp: 0x250a0626 2e8c.3184: Machine: 0x8664 - amd64 2e8c.3184: Timestamp: 0x250a0626 2e8c.3184: Image Version: 10.0 2e8c.3184: SizeOfImage: 0xb3000 (733184) 2e8c.3184: Resource Dir: 0xb1000 LB 0x520 2e8c.3184: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e8c.3184: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 2e8c.3184: ProductName: Microsoft® Windows® Operating System 2e8c.3184: ProductVersion: 10.0.17763.475 2e8c.3184: FileVersion: 10.0.17763.475 (WinBuild.160101.0800) 2e8c.3184: FileDescription: Windows NT BASE API Client DLL 2e8c.3184: \SystemRoot\System32\KernelBase.dll: 2e8c.3184: CreationTime: 2019-12-10T18:26:48.543167600Z 2e8c.3184: LastWriteTime: 2019-12-10T18:26:48.777623900Z 2e8c.3184: ChangeTime: 2019-12-10T19:01:12.208613700Z 2e8c.3184: FileAttributes: 0x20 2e8c.3184: Size: 0x2931f8 2e8c.3184: NT Headers: 0xf8 2e8c.3184: Timestamp: 0xfb6790ac 2e8c.3184: Machine: 0x8664 - amd64 2e8c.3184: Timestamp: 0xfb6790ac 2e8c.3184: Image Version: 10.0 2e8c.3184: SizeOfImage: 0x293000 (2699264) 2e8c.3184: Resource Dir: 0x26f000 LB 0x548 2e8c.3184: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e8c.3184: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 2e8c.3184: ProductName: Microsoft® Windows® Operating System 2e8c.3184: ProductVersion: 10.0.17763.914 2e8c.3184: FileVersion: 10.0.17763.914 (WinBuild.160101.0800) 2e8c.3184: FileDescription: Windows NT BASE API Client DLL 2e8c.3184: \SystemRoot\System32\apisetschema.dll: 2e8c.3184: CreationTime: 2018-09-15T07:28:25.403122600Z 2e8c.3184: LastWriteTime: 2018-09-15T07:28:25.403122600Z 2e8c.3184: ChangeTime: 2019-08-01T13:38:31.956025100Z 2e8c.3184: FileAttributes: 0x20 2e8c.3184: Size: 0x1c738 2e8c.3184: NT Headers: 0xd0 2e8c.3184: Timestamp: 0x33775897 2e8c.3184: Machine: 0x8664 - amd64 2e8c.3184: Timestamp: 0x33775897 2e8c.3184: Image Version: 10.0 2e8c.3184: SizeOfImage: 0x1d000 (118784) 2e8c.3184: Resource Dir: 0x1c000 LB 0x408 2e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e8c.3184: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 2e8c.3184: ProductName: Microsoft® Windows® Operating System 2e8c.3184: ProductVersion: 10.0.17763.1 2e8c.3184: FileVersion: 10.0.17763.1 (WinBuild.160101.0800) 2e8c.3184: FileDescription: ApiSet Schema DLL 2e8c.3184: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2e8c.3184: supR3HardenedWinFindAdversaries: 0x40 2e8c.3184: \SystemRoot\System32\drivers\klflt.sys: 2e8c.3184: CreationTime: 2019-08-05T11:58:31.714327500Z 2e8c.3184: LastWriteTime: 2019-10-31T09:59:01.548529300Z 2e8c.3184: ChangeTime: 2019-10-31T09:59:01.548529300Z 2e8c.3184: FileAttributes: 0x20 2e8c.3184: Size: 0x3d678 2e8c.3184: NT Headers: 0x100 2e8c.3184: Timestamp: 0xddaa7cbc 2e8c.3184: Machine: 0x8664 - amd64 2e8c.3184: Timestamp: 0xddaa7cbc 2e8c.3184: Image Version: 6.1 2e8c.3184: SizeOfImage: 0x4a000 (303104) 2e8c.3184: Resource Dir: 0x47000 LB 0x418 2e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e8c.3184: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)] 2e8c.3184: ProductName: Coretech Delivery 2e8c.3184: ProductVersion: 30.112.90.0 2e8c.3184: FileVersion: 30.112.90.0 2e8c.3184: FileDescription: Filter Core [fre_win7_amd64] 2e8c.3184: \SystemRoot\System32\drivers\klif.sys: 2e8c.3184: CreationTime: 2019-08-05T11:58:31.848799700Z 2e8c.3184: LastWriteTime: 2019-10-31T09:59:01.803543200Z 2e8c.3184: ChangeTime: 2019-10-31T09:59:01.803543200Z 2e8c.3184: FileAttributes: 0x20 2e8c.3184: Size: 0xf3a80 2e8c.3184: NT Headers: 0xf8 2e8c.3184: Timestamp: 0x5da6282c 2e8c.3184: Machine: 0x8664 - amd64 2e8c.3184: Timestamp: 0x5da6282c 2e8c.3184: Image Version: 6.1 2e8c.3184: SizeOfImage: 0xf4000 (999424) 2e8c.3184: Resource Dir: 0xeb000 LB 0x33f8 2e8c.3184: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e8c.3184: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)] 2e8c.3184: ProductName: Coretech Delivery 2e8c.3184: ProductVersion: 30.112.90.0 2e8c.3184: FileVersion: 30.112.90.0 2e8c.3184: FileDescription: Core System Interceptors [fre_win7_amd64] 2e8c.3184: \SystemRoot\System32\drivers\klim6.sys: 2e8c.3184: CreationTime: 2019-03-19T02:21:06.000000000Z 2e8c.3184: LastWriteTime: 2019-03-19T02:21:06.000000000Z 2e8c.3184: ChangeTime: 2019-08-05T11:59:15.443759300Z 2e8c.3184: FileAttributes: 0x20 2e8c.3184: Size: 0xe350 2e8c.3184: NT Headers: 0xe0 2e8c.3184: Timestamp: 0x54ad405e 2e8c.3184: Machine: 0x8664 - amd64 2e8c.3184: Timestamp: 0x54ad405e 2e8c.3184: Image Version: 6.1 2e8c.3184: SizeOfImage: 0xb000 (45056) 2e8c.3184: Resource Dir: 0x9000 LB 0x430 2e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e8c.3184: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)] 2e8c.3184: ProductName: Coretech Delivery 2e8c.3184: ProductVersion: 30.0.3724.0 2e8c.3184: FileVersion: 30.0.3724.0 2e8c.3184: FileDescription: Packet Network Filter [fre_win7_amd64] 2e8c.3184: \SystemRoot\System32\drivers\klkbdflt.sys: 2e8c.3184: CreationTime: 2019-03-17T21:11:30.000000000Z 2e8c.3184: LastWriteTime: 2019-03-17T21:11:30.000000000Z 2e8c.3184: ChangeTime: 2019-08-05T11:59:11.806205900Z 2e8c.3184: FileAttributes: 0x20 2e8c.3184: Size: 0x13550 2e8c.3184: NT Headers: 0xf8 2e8c.3184: Timestamp: 0x79cc11d7 2e8c.3184: Machine: 0x8664 - amd64 2e8c.3184: Timestamp: 0x79cc11d7 2e8c.3184: Image Version: 6.1 2e8c.3184: SizeOfImage: 0x12000 (73728) 2e8c.3184: Resource Dir: 0x10000 LB 0x438 2e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e8c.3184: [Raw version resource data: 0x10060 LB 0x3d4, codepage 0x0 (reserved 0x0)] 2e8c.3184: ProductName: Coretech Delivery 2e8c.3184: ProductVersion: 30.0.3716.0 2e8c.3184: FileVersion: 30.0.3716.0 2e8c.3184: FileDescription: Keyboard Device Filter [fre_win7_amd64] 2e8c.3184: \SystemRoot\System32\drivers\klmouflt.sys: 2e8c.3184: CreationTime: 2019-03-17T20:50:34.000000000Z 2e8c.3184: LastWriteTime: 2019-03-17T20:50:34.000000000Z 2e8c.3184: ChangeTime: 2019-08-05T11:59:11.843009100Z 2e8c.3184: FileAttributes: 0x20 2e8c.3184: Size: 0xe878 2e8c.3184: NT Headers: 0xe8 2e8c.3184: Timestamp: 0xab7b625 2e8c.3184: Machine: 0x8664 - amd64 2e8c.3184: Timestamp: 0xab7b625 2e8c.3184: Image Version: 6.1 2e8c.3184: SizeOfImage: 0xe000 (57344) 2e8c.3184: Resource Dir: 0xc000 LB 0x430 2e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e8c.3184: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)] 2e8c.3184: ProductName: Coretech Delivery 2e8c.3184: ProductVersion: 30.0.3716.0 2e8c.3184: FileVersion: 30.0.3716.0 2e8c.3184: FileDescription: Mouse Device Filter [fre_win7_amd64] 2e8c.3184: \SystemRoot\System32\drivers\kneps.sys: 2e8c.3184: CreationTime: 2019-03-18T21:31:38.000000000Z 2e8c.3184: LastWriteTime: 2019-03-18T21:31:38.000000000Z 2e8c.3184: ChangeTime: 2019-08-05T11:59:10.794405100Z 2e8c.3184: FileAttributes: 0x20 2e8c.3184: Size: 0x38b50 2e8c.3184: NT Headers: 0x108 2e8c.3184: Timestamp: 0x7aa255dc 2e8c.3184: Machine: 0x8664 - amd64 2e8c.3184: Timestamp: 0x7aa255dc 2e8c.3184: Image Version: 6.1 2e8c.3184: SizeOfImage: 0x38000 (229376) 2e8c.3184: Resource Dir: 0x35000 LB 0x428 2e8c.3184: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e8c.3184: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)] 2e8c.3184: ProductName: Coretech Delivery 2e8c.3184: ProductVersion: 30.0.3731.0 2e8c.3184: FileVersion: 30.0.3731.0 2e8c.3184: FileDescription: Network Processor [fre_win7_amd64] 2e8c.3184: \SystemRoot\System32\klfphc.dll: 2e8c.3184: CreationTime: 2019-08-05T11:59:09.424175900Z 2e8c.3184: LastWriteTime: 2013-05-06T03:13:26.000000000Z 2e8c.3184: ChangeTime: 2019-08-05T11:58:46.331052700Z 2e8c.3184: FileAttributes: 0x20 2e8c.3184: Size: 0x1ae60 2e8c.3184: NT Headers: 0xe8 2e8c.3184: Timestamp: 0x51873bf2 2e8c.3184: Machine: 0x8664 - amd64 2e8c.3184: Timestamp: 0x51873bf2 2e8c.3184: Image Version: 0.0 2e8c.3184: SizeOfImage: 0x1d000 (118784) 2e8c.3184: Resource Dir: 0x18000 LB 0x3c80 2e8c.3184: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e8c.3184: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)] 2e8c.3184: ProductName: Kaspersky™ Anti-Virus ® 2e8c.3184: ProductVersion: 1.0.0.12 2e8c.3184: FileVersion: 1.0.0.12 2e8c.3184: FileDescription: Filtering Platform Helper Class 2e8c.3184: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2e8c.3184: Calling main() 2e8c.3184: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 2e8c.3184: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2e8c.3184: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2e8c.3184: SUPR3HardenedMain: Final process, opening VBoxDrv... 2e8c.3184: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000) 2e8c.3184: supR3HardNtEnableThreadCreationEx: 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff826f30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff826f30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff826f30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff826f30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82dd20000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a6a0000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a780000 LB 0x000fa000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0] 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82b470000 LB 0x001db000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82b9b0000 LB 0x00122000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82aa20000 LB 0x00059000 C:\Windows\System32\Wintrust.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa80000 'api-ms-win-core-synch-l1-2-0' 2e8c.3184: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa80000 'api-ms-win-core-fibers-l1-1-1' 2e8c.3184: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa80000 'api-ms-win-core-fibers-l1-1-1' 2e8c.3184: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa80000 'api-ms-win-core-synch-l1-2-0' 2e8c.3184: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa80000 'api-ms-win-core-localization-l1-2-1' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa20000 'C:\Windows\system32\Wintrust.dll' 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a750000 LB 0x00026000 C:\Windows\System32\bcrypt.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82a750000 'C:\Windows\system32\bcrypt.dll' 2e8c.3184: bcrypt.dll loaded at 00007ff82a750000, BCryptOpenAlgorithmProvider at 00007ff82a754d60, preloading providers: 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a950000 LB 0x0007e000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82a950000 'C:\Windows\system32\bcryptprimitives.dll' 2e8c.3184: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000a4d8c0) 2e8c.3184: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000a4e620) 2e8c.3184: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000a4f130) 2e8c.3184: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000a4f430) 2e8c.3184: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000a4f730) 2e8c.3184: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000a4fa30) 2e8c.3184: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000a4fd30) 2e8c.3184: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000a50440) 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a880000 LB 0x00017000 C:\Windows\System32\CRYPTSP.dll [fFlags=0x0] 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff829a70000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a0c0000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82ddc0000 'C:\Windows\System32\kernel32.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa20000 'C:\Windows\System32\WINTRUST.DLL' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\CRYPT32.dll' 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82b910000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0] 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82bae0000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0] 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff829310000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82a6c0000 LB 0x00024000 C:\Windows\System32\profapi.dll [fFlags=0x0] 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff81ffd0000 LB 0x0002f000 C:\Windows\System32\cryptnet.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ffd0000 'C:\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82d5c0000 LB 0x000a3000 C:\Windows\System32\advapi32.dll [fFlags=0x0] 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e970 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e970 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41C90F26E88C181E61C61D8FE6FB6BC4B7273100 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b9b0000 'C:\Windows\System32\rpcrt4.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1329_for_KB4530715~31bf3856ad364e35~amd64~~10.0.1.4.cat'; file='\SystemRoot\System32\ntdll.dll' 2e8c.3184: g_pfnWinVerifyTrust=00007ff82aa26370 2e8c.3184: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a5e970 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e970 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A71FAF93E7F6555CF5752D6A603A870E378E49E6 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e5b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e5b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A71FAF93E7F6555CF5752D6A603A870E378E49E6 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e670 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e670 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=94A646B11F6AB0A5169AF0ED46737E8E6ED30FA366AFD0C9B52535169D41D53C 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\system32\crypt32.dll' 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xcc0bafe3d466a600 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 2e8c.3184: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 2e8c.3184: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=46 2e8c.3184: SUPR3HardenedMain: Load Runtime... 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 2e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 2e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 2e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 2e8c.3184: supR3HardenedDllNotificationCallback: load 0000000060a20000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 2e8c.3184: supR3HardenedDllNotificationCallback: load 0000000060410000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff82d900000 LB 0x0006d000 C:\Windows\System32\WS2_32.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 2e8c.3184: supR3HardenedDllNotificationCallback: load 00007ff801aa0000 LB 0x005e2000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 2e8c.3184: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82aa20000 'C:\Windows\system32\Wintrust.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\system32\crypt32.dll' 2e8c.3184: SUPR3HardenedMain: Load TrustedMain... 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'gdi32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'user32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'. 2e8c.3184: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'user32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'gdi32.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 2e8c.3184: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 2e8c.3184: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust 2e8c.3184: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust] 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a5e5b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e5b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F9EA7A084F8D34EE062D8C0EF5D96EF865883D56 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e5b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e5b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F9EA7A084F8D34EE062D8C0EF5D96EF865883D56 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a5e670 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e670 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=16CA5B2F8C50BEB43A1363150321F2954D05E1AD906C5222E46003C7C61E26DE 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e2b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e2b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=16CA5B2F8C50BEB43A1363150321F2954D05E1AD906C5222E46003C7C61E26DE 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 2e8c.3184: supR3HardenedScreenImage/Imports: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' 2e8c.3184: Error (rc=0): 2e8c.3184: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Windows\System32\opengl32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 2e8c.3184: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 2e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 2e8c.3184: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 2e8c.3184: Error (rc=0): 2e8c.3184: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x10 fAccess=0xf cHits=3 \Device\HarddiskVolume2\Windows\System32\opengl32.dll 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll' 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a5e5b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e5b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45FF4C1DBC7AE18A1DA512455F13BC17EA659425 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5e370 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e370 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45FF4C1DBC7AE18A1DA512455F13BC17EA659425 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a5e2b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5e2b0 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=CA2198DF63DD7B6D9F725D808FE90C3A1A9C3D1C2674BEAC04F00FEB41139EBF 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a5ed30 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a5ed30 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=CA2198DF63DD7B6D9F725D808FE90C3A1A9C3D1C2674BEAC04F00FEB41139EBF 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) 2e8c.3184: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff829a70000 'C:\Windows\system32\rsaenh.dll' 2e8c.3184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b470000 'C:\Windows\System32\crypt32.dll' 2e8c.3184: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' 2e8c.3184: Fatal error: 2e8c.3184: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBoxVM.dll" failed, rc=1790 2bf0.74c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3953 ms, the end); 2584.1660: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 4796 ms, the end);