1bb0.2dd8: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047bb00 1bb0.2dd8: \SystemRoot\System32\ntdll.dll: 1bb0.2dd8: CreationTime: 2020-11-16T21:24:26.565758000Z 1bb0.2dd8: LastWriteTime: 2020-11-16T21:24:26.640935300Z 1bb0.2dd8: ChangeTime: 2020-11-16T23:59:56.844820200Z 1bb0.2dd8: FileAttributes: 0x20 1bb0.2dd8: Size: 0x1e8058 1bb0.2dd8: NT Headers: 0xd8 1bb0.2dd8: Timestamp: 0x103a4719 1bb0.2dd8: Machine: 0x8664 - amd64 1bb0.2dd8: Timestamp: 0x103a4719 1bb0.2dd8: Image Version: 10.0 1bb0.2dd8: SizeOfImage: 0x1f0000 (2031616) 1bb0.2dd8: Resource Dir: 0x17f000 LB 0x6f3b8 1bb0.2dd8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bb0.2dd8: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 1bb0.2dd8: ProductName: Microsoft® Windows® Operating System 1bb0.2dd8: ProductVersion: 10.0.18362.1171 1bb0.2dd8: FileVersion: 10.0.18362.1171 (WinBuild.160101.0800) 1bb0.2dd8: FileDescription: NT Layer DLL 1bb0.2dd8: \SystemRoot\System32\kernel32.dll: 1bb0.2dd8: CreationTime: 2020-10-14T15:41:50.085714300Z 1bb0.2dd8: LastWriteTime: 2020-10-14T15:41:50.135685400Z 1bb0.2dd8: ChangeTime: 2020-11-16T21:27:38.218148600Z 1bb0.2dd8: FileAttributes: 0x20 1bb0.2dd8: Size: 0xb04a0 1bb0.2dd8: NT Headers: 0xf8 1bb0.2dd8: Timestamp: 0x2d28261f 1bb0.2dd8: Machine: 0x8664 - amd64 1bb0.2dd8: Timestamp: 0x2d28261f 1bb0.2dd8: Image Version: 10.0 1bb0.2dd8: SizeOfImage: 0xb2000 (729088) 1bb0.2dd8: Resource Dir: 0xb0000 LB 0x520 1bb0.2dd8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bb0.2dd8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 1bb0.2dd8: ProductName: Microsoft® Windows® Operating System 1bb0.2dd8: ProductVersion: 10.0.18362.1110 1bb0.2dd8: FileVersion: 10.0.18362.1110 (WinBuild.160101.0800) 1bb0.2dd8: FileDescription: Windows NT BASE API Client DLL 1bb0.2dd8: \SystemRoot\System32\KernelBase.dll: 1bb0.2dd8: CreationTime: 2020-10-14T15:42:29.628041900Z 1bb0.2dd8: LastWriteTime: 2020-10-14T15:42:29.814934200Z 1bb0.2dd8: ChangeTime: 2020-11-16T21:27:38.634087800Z 1bb0.2dd8: FileAttributes: 0x20 1bb0.2dd8: Size: 0x2a5a88 1bb0.2dd8: NT Headers: 0x100 1bb0.2dd8: Timestamp: 0xa8b891f5 1bb0.2dd8: Machine: 0x8664 - amd64 1bb0.2dd8: Timestamp: 0xa8b891f5 1bb0.2dd8: Image Version: 10.0 1bb0.2dd8: SizeOfImage: 0x2a5000 (2772992) 1bb0.2dd8: Resource Dir: 0x27f000 LB 0x548 1bb0.2dd8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bb0.2dd8: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 1bb0.2dd8: ProductName: Microsoft® Windows® Operating System 1bb0.2dd8: ProductVersion: 10.0.18362.1139 1bb0.2dd8: FileVersion: 10.0.18362.1139 (WinBuild.160101.0800) 1bb0.2dd8: FileDescription: Windows NT BASE API Client DLL 1bb0.2dd8: \SystemRoot\System32\apisetschema.dll: 1bb0.2dd8: CreationTime: 2019-03-19T04:43:54.837151500Z 1bb0.2dd8: LastWriteTime: 2019-03-19T04:43:54.837151500Z 1bb0.2dd8: ChangeTime: 2020-11-16T21:27:38.195693000Z 1bb0.2dd8: FileAttributes: 0x20 1bb0.2dd8: Size: 0x1d028 1bb0.2dd8: NT Headers: 0xc8 1bb0.2dd8: Timestamp: 0xd6ced080 1bb0.2dd8: Machine: 0x8664 - amd64 1bb0.2dd8: Timestamp: 0xd6ced080 1bb0.2dd8: Image Version: 10.0 1bb0.2dd8: SizeOfImage: 0x1e000 (122880) 1bb0.2dd8: Resource Dir: 0x1d000 LB 0x408 1bb0.2dd8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bb0.2dd8: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 1bb0.2dd8: ProductName: Microsoft® Windows® Operating System 1bb0.2dd8: ProductVersion: 10.0.18362.1 1bb0.2dd8: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) 1bb0.2dd8: FileDescription: ApiSet Schema DLL 1bb0.2dd8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1bb0.2dd8: supR3HardenedWinFindAdversaries: 0x40 1bb0.2dd8: \SystemRoot\System32\drivers\klflt.sys: 1bb0.2dd8: CreationTime: 2020-07-26T21:02:52.601332800Z 1bb0.2dd8: LastWriteTime: 2020-08-12T13:07:54.541171700Z 1bb0.2dd8: ChangeTime: 2020-08-12T13:07:54.541171700Z 1bb0.2dd8: FileAttributes: 0x20 1bb0.2dd8: Size: 0x3d798 1bb0.2dd8: NT Headers: 0x100 1bb0.2dd8: Timestamp: 0x82e91c41 1bb0.2dd8: Machine: 0x8664 - amd64 1bb0.2dd8: Timestamp: 0x82e91c41 1bb0.2dd8: Image Version: 6.1 1bb0.2dd8: SizeOfImage: 0x4a000 (303104) 1bb0.2dd8: Resource Dir: 0x47000 LB 0x418 1bb0.2dd8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bb0.2dd8: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)] 1bb0.2dd8: ProductName: Coretech Delivery 1bb0.2dd8: ProductVersion: 30.437.60.0 1bb0.2dd8: FileVersion: 30.437.60.0 1bb0.2dd8: FileDescription: Filter Core [fre_win7_amd64] 1bb0.2dd8: \SystemRoot\System32\drivers\klif.sys: 1bb0.2dd8: CreationTime: 2020-07-26T21:02:52.712270600Z 1bb0.2dd8: LastWriteTime: 2020-08-12T13:07:54.986919300Z 1bb0.2dd8: ChangeTime: 2020-08-12T13:07:54.986919300Z 1bb0.2dd8: FileAttributes: 0x20 1bb0.2dd8: Size: 0xf3d98 1bb0.2dd8: NT Headers: 0xf8 1bb0.2dd8: Timestamp: 0x5ef8d291 1bb0.2dd8: Machine: 0x8664 - amd64 1bb0.2dd8: Timestamp: 0x5ef8d291 1bb0.2dd8: Image Version: 6.1 1bb0.2dd8: SizeOfImage: 0xf4000 (999424) 1bb0.2dd8: Resource Dir: 0xeb000 LB 0x33f8 1bb0.2dd8: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bb0.2dd8: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)] 1bb0.2dd8: ProductName: Coretech Delivery 1bb0.2dd8: ProductVersion: 30.437.60.0 1bb0.2dd8: FileVersion: 30.437.60.0 1bb0.2dd8: FileDescription: Core System Interceptors [fre_win7_amd64] 1bb0.2dd8: \SystemRoot\System32\drivers\klim6.sys: 1bb0.2dd8: CreationTime: 2019-03-19T10:21:06.000000000Z 1bb0.2dd8: LastWriteTime: 2019-03-19T10:21:06.000000000Z 1bb0.2dd8: ChangeTime: 2020-07-26T21:03:27.978256700Z 1bb0.2dd8: FileAttributes: 0x20 1bb0.2dd8: Size: 0xe350 1bb0.2dd8: NT Headers: 0xe0 1bb0.2dd8: Timestamp: 0x54ad405e 1bb0.2dd8: Machine: 0x8664 - amd64 1bb0.2dd8: Timestamp: 0x54ad405e 1bb0.2dd8: Image Version: 6.1 1bb0.2dd8: SizeOfImage: 0xb000 (45056) 1bb0.2dd8: Resource Dir: 0x9000 LB 0x430 1bb0.2dd8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bb0.2dd8: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)] 1bb0.2dd8: ProductName: Coretech Delivery 1bb0.2dd8: ProductVersion: 30.0.3724.0 1bb0.2dd8: FileVersion: 30.0.3724.0 1bb0.2dd8: FileDescription: Packet Network Filter [fre_win7_amd64] 1bb0.2dd8: \SystemRoot\System32\drivers\klkbdflt.sys: 1bb0.2dd8: CreationTime: 2020-05-21T00:30:30.000000000Z 1bb0.2dd8: LastWriteTime: 2020-05-21T00:30:30.000000000Z 1bb0.2dd8: ChangeTime: 2020-07-26T21:03:27.229869700Z 1bb0.2dd8: FileAttributes: 0x20 1bb0.2dd8: Size: 0x13790 1bb0.2dd8: NT Headers: 0xf8 1bb0.2dd8: Timestamp: 0x6193eeca 1bb0.2dd8: Machine: 0x8664 - amd64 1bb0.2dd8: Timestamp: 0x6193eeca 1bb0.2dd8: Image Version: 6.1 1bb0.2dd8: SizeOfImage: 0x12000 (73728) 1bb0.2dd8: Resource Dir: 0x10000 LB 0x440 1bb0.2dd8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bb0.2dd8: [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)] 1bb0.2dd8: ProductName: Coretech Delivery 1bb0.2dd8: ProductVersion: 30.256.110.0 1bb0.2dd8: FileVersion: 30.256.110.0 1bb0.2dd8: FileDescription: Keyboard Device Filter [fre_win7_amd64] 1bb0.2dd8: \SystemRoot\System32\drivers\klmouflt.sys: 1bb0.2dd8: CreationTime: 2019-03-18T04:50:34.000000000Z 1bb0.2dd8: LastWriteTime: 2019-03-18T04:50:34.000000000Z 1bb0.2dd8: ChangeTime: 2020-07-26T21:03:26.960532900Z 1bb0.2dd8: FileAttributes: 0x20 1bb0.2dd8: Size: 0xe878 1bb0.2dd8: NT Headers: 0xe8 1bb0.2dd8: Timestamp: 0xab7b625 1bb0.2dd8: Machine: 0x8664 - amd64 1bb0.2dd8: Timestamp: 0xab7b625 1bb0.2dd8: Image Version: 6.1 1bb0.2dd8: SizeOfImage: 0xe000 (57344) 1bb0.2dd8: Resource Dir: 0xc000 LB 0x430 1bb0.2dd8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bb0.2dd8: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)] 1bb0.2dd8: ProductName: Coretech Delivery 1bb0.2dd8: ProductVersion: 30.0.3716.0 1bb0.2dd8: FileVersion: 30.0.3716.0 1bb0.2dd8: FileDescription: Mouse Device Filter [fre_win7_amd64] 1bb0.2dd8: \SystemRoot\System32\drivers\kneps.sys: 1bb0.2dd8: CreationTime: 2020-05-21T00:30:30.000000000Z 1bb0.2dd8: LastWriteTime: 2020-08-12T13:07:55.177832800Z 1bb0.2dd8: ChangeTime: 2020-08-12T13:07:55.177832800Z 1bb0.2dd8: FileAttributes: 0x20 1bb0.2dd8: Size: 0x38f98 1bb0.2dd8: NT Headers: 0x108 1bb0.2dd8: Timestamp: 0x5f4eb836 1bb0.2dd8: Machine: 0x8664 - amd64 1bb0.2dd8: Timestamp: 0x5f4eb836 1bb0.2dd8: Image Version: 6.1 1bb0.2dd8: SizeOfImage: 0x38000 (229376) 1bb0.2dd8: Resource Dir: 0x35000 LB 0x428 1bb0.2dd8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bb0.2dd8: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)] 1bb0.2dd8: ProductName: Coretech Delivery 1bb0.2dd8: ProductVersion: 30.437.53.0 1bb0.2dd8: FileVersion: 30.437.53.0 1bb0.2dd8: FileDescription: Network Processor [fre_win7_amd64] 1bb0.2dd8: \SystemRoot\System32\klfphc.dll: 1bb0.2dd8: CreationTime: 2020-07-26T21:03:25.440937400Z 1bb0.2dd8: LastWriteTime: 2013-05-06T11:13:26.000000000Z 1bb0.2dd8: ChangeTime: 2020-07-26T21:03:02.615376700Z 1bb0.2dd8: FileAttributes: 0x20 1bb0.2dd8: Size: 0x1ae60 1bb0.2dd8: NT Headers: 0xe8 1bb0.2dd8: Timestamp: 0x51873bf2 1bb0.2dd8: Machine: 0x8664 - amd64 1bb0.2dd8: Timestamp: 0x51873bf2 1bb0.2dd8: Image Version: 0.0 1bb0.2dd8: SizeOfImage: 0x1d000 (118784) 1bb0.2dd8: Resource Dir: 0x18000 LB 0x3c80 1bb0.2dd8: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bb0.2dd8: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)] 1bb0.2dd8: ProductName: Kaspersky™ Anti-Virus ® 1bb0.2dd8: ProductVersion: 1.0.0.12 1bb0.2dd8: FileVersion: 1.0.0.12 1bb0.2dd8: FileDescription: Filtering Platform Helper Class 1bb0.2dd8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Programs\VirtualBox' 1bb0.2dd8: Calling main() 1bb0.2dd8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 1bb0.2dd8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Programs\VirtualBox' 1bb0.2dd8: SUPR3HardenedMain: Respawn #1 1bb0.2dd8: System32: \Device\HarddiskVolume2\Windows\System32 1bb0.2dd8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 1bb0.2dd8: KnownDllPath: C:\WINDOWS\System32 1bb0.2dd8: supR3HardenedWinInit: Performing a limited self purification... 1bb0.2dd8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 1bb0.2dd8: *0000000000000000-00000000009affff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00000000009b0000-00000000009bffff 0x0004/0x0004 0x0040000 1bb0.2dd8: 00000000009c0000-00000000009cffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00000000009d0000-00000000009eafff 0x0002/0x0002 0x0040000 1bb0.2dd8: 00000000009eb000-00000000009effff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00000000009f0000-00000000009f3fff 0x0002/0x0002 0x0040000 1bb0.2dd8: 00000000009f4000-00000000009fffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *0000000000a00000-0000000000bc0fff 0x0000/0x0004 0x0020000 1bb0.2dd8: 0000000000bc1000-0000000000bc3fff 0x0004/0x0004 0x0020000 1bb0.2dd8: 0000000000bc4000-0000000000bfffff 0x0000/0x0004 0x0020000 1bb0.2dd8: *0000000000c00000-0000000000cb0fff 0x0000/0x0004 0x0020000 1bb0.2dd8: 0000000000cb1000-0000000000cb3fff 0x0104/0x0004 0x0020000 1bb0.2dd8: 0000000000cb4000-0000000000cfffff 0x0004/0x0004 0x0020000 1bb0.2dd8: *0000000000d00000-0000000000d01fff 0x0004/0x0004 0x0020000 1bb0.2dd8: 0000000000d02000-0000000000d0ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *0000000000d10000-0000000000dd6fff 0x0002/0x0002 0x0040000 1bb0.2dd8: 0000000000dd7000-0000000000ddffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *0000000000de0000-0000000000de1fff 0x0004/0x0004 0x0020000 1bb0.2dd8: 0000000000de2000-0000000000df9fff 0x0000/0x0004 0x0020000 1bb0.2dd8: 0000000000dfa000-0000000000ebffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *0000000000ec0000-0000000000ec4fff 0x0004/0x0004 0x0020000 1bb0.2dd8: 0000000000ec5000-0000000000fbffff 0x0000/0x0004 0x0020000 1bb0.2dd8: *0000000000fc0000-0000000000fdcfff 0x0004/0x0004 0x0020000 1bb0.2dd8: 0000000000fdd000-00000000010bffff 0x0000/0x0004 0x0020000 1bb0.2dd8: 00000000010c0000-000000000119ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00000000011a0000-00000000011aefff 0x0004/0x0004 0x0020000 1bb0.2dd8: 00000000011af000-00000000011affff 0x0000/0x0004 0x0020000 1bb0.2dd8: *00000000011b0000-00000000011b7fff 0x0000/0x0004 0x0020000 1bb0.2dd8: 00000000011b8000-00000000013a8fff 0x0004/0x0004 0x0020000 1bb0.2dd8: 00000000013a9000-00000000013a9fff 0x0000/0x0004 0x0020000 1bb0.2dd8: 00000000013aa000-000000007ffdffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 1bb0.2dd8: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000 1bb0.2dd8: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000 1bb0.2dd8: 000000007ffe3000-00007ff45327ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00007ff453280000-00007ff453284fff 0x0002/0x0002 0x0040000 1bb0.2dd8: 00007ff453285000-00007ff45337ffff 0x0000/0x0002 0x0040000 1bb0.2dd8: *00007ff453380000-00007ff55339ffff 0x0000/0x0004 0x0020000 1bb0.2dd8: *00007ff5533a0000-00007ff55539ffff 0x0000/0x0004 0x0020000 1bb0.2dd8: 00007ff5553a0000-00007ff5553a0fff 0x0004/0x0004 0x0020000 1bb0.2dd8: 00007ff5553a1000-00007ff5553affff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00007ff5553b0000-00007ff5553b0fff 0x0002/0x0002 0x0040000 1bb0.2dd8: 00007ff5553b1000-00007ff5553bffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00007ff5553c0000-00007ff5553e2fff 0x0002/0x0002 0x0040000 1bb0.2dd8: 00007ff5553e3000-00007ff6d419ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00007ff6d41a0000-00007ff6d41a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d41a1000-00007ff6d4217fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d4218000-00007ff6d4218fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d4219000-00007ff6d4261fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d4262000-00007ff6d4264fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d4265000-00007ff6d4267fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d4268000-00007ff6d426afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d426b000-00007ff6d426bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d426c000-00007ff6d426dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d426e000-00007ff6d426efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d426f000-00007ff6d42b7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d42b8000-00007ffa3583ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00007ffa35840000-00007ffa35840fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1bb0.2dd8: 00007ffa35841000-00007ffa35946fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1bb0.2dd8: 00007ffa35947000-00007ffa35aa9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1bb0.2dd8: 00007ffa35aaa000-00007ffa35aadfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1bb0.2dd8: 00007ffa35aae000-00007ffa35aaefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1bb0.2dd8: 00007ffa35aaf000-00007ffa35ae4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1bb0.2dd8: 00007ffa35ae5000-00007ffa3609ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00007ffa360a0000-00007ffa360a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1bb0.2dd8: 00007ffa360a1000-00007ffa36115fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1bb0.2dd8: 00007ffa36116000-00007ffa36147fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1bb0.2dd8: 00007ffa36148000-00007ffa36148fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1bb0.2dd8: 00007ffa36149000-00007ffa36149fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1bb0.2dd8: 00007ffa3614a000-00007ffa36151fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1bb0.2dd8: 00007ffa36152000-00007ffa37b1ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00007ffa37b20000-00007ffa37b20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37b21000-00007ffa37c37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37c38000-00007ffa37c7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37c7f000-00007ffa37c7ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37c80000-00007ffa37c81fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37c82000-00007ffa37c8afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37c8b000-00007ffa37d0ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37d10000-00007ffffffeffff 0x0001/0x0000 0x0000000 1bb0.2dd8: kernel32.dll: timestamp 0x2d28261f (rc=VINF_SUCCESS) 1bb0.2dd8: kernelbase.dll: timestamp 0xa8b891f5 (rc=VINF_SUCCESS) 1bb0.2dd8: VirtualBoxVM.exe: timestamp 0x5f89bd71 (rc=VINF_SUCCESS) 1bb0.2dd8: \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 1bb0.2dd8: '\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe' has no imports 1bb0.2dd8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 1bb0.2dd8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0 1bb0.2dd8: \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 1bb0.2dd8: '\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe' has no imports 1bb0.2dd8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe) 1bb0.2dd8: supR3HardNtEnableThreadCreationEx: 1bb0.2dd8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa37b91df0 pvNtTerminateThread=00007ffa37bbd140 1bb0.2dd8: supR3HardenedWinDoReSpawn(1): New child 1bcc.2eb8 [kernel32]. 1bb0.2dd8: supR3HardNtChildGatherData: PebBaseAddress=0000000000fc0000 cbPeb=0x388 1bb0.2dd8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa37b20000 uNtDllChildAddr=00007ffa37b20000 1bb0.2dd8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa37b91df0 1bb0.2dd8: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6d41a7900 rdx=0000000000fc0000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffa37b8d4b0 rsp=0000000000ddf958 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 1bb0.2dd8: supR3HardenedWinSetupChildInit: Start child. 1bb0.2dd8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 1bb0.2dd8: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps 1bb0.2dd8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1bb0.2dd8: *0000000000000000-0000000000c9ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *0000000000ca0000-0000000000cbffff 0x0004/0x0004 0x0020000 1bb0.2dd8: *0000000000cc0000-0000000000cdafff 0x0002/0x0002 0x0040000 1bb0.2dd8: 0000000000cdb000-0000000000cdffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *0000000000ce0000-0000000000ddafff 0x0000/0x0004 0x0020000 1bb0.2dd8: 0000000000ddb000-0000000000dddfff 0x0104/0x0004 0x0020000 1bb0.2dd8: 0000000000dde000-0000000000ddffff 0x0004/0x0004 0x0020000 1bb0.2dd8: *0000000000de0000-0000000000de3fff 0x0002/0x0002 0x0040000 1bb0.2dd8: 0000000000de4000-0000000000deffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *0000000000df0000-0000000000df1fff 0x0004/0x0004 0x0020000 1bb0.2dd8: 0000000000df2000-0000000000dfffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *0000000000e00000-0000000000fbffff 0x0000/0x0004 0x0020000 1bb0.2dd8: 0000000000fc0000-0000000000fc2fff 0x0004/0x0004 0x0020000 1bb0.2dd8: 0000000000fc3000-0000000000ffffff 0x0000/0x0004 0x0020000 1bb0.2dd8: 0000000001000000-000000007ffdffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 1bb0.2dd8: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000 1bb0.2dd8: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000 1bb0.2dd8: 000000007ffe3000-00007ff5f658ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00007ff5f6590000-00007ff5f6590fff 0x0002/0x0002 0x0040000 1bb0.2dd8: 00007ff5f6591000-00007ff5f659ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00007ff5f65a0000-00007ff5f65c2fff 0x0002/0x0002 0x0040000 1bb0.2dd8: 00007ff5f65c3000-00007ff6d419ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00007ff6d41a0000-00007ff6d41a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d41a1000-00007ff6d4217fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d4218000-00007ff6d4218fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d4219000-00007ff6d4261fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d4262000-00007ff6d4262fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d4263000-00007ff6d4263fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d4264000-00007ff6d4268fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d4269000-00007ff6d4269fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d426a000-00007ff6d426afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d426b000-00007ff6d426efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d426f000-00007ff6d42b7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bb0.2dd8: 00007ff6d42b8000-00007ffa37b1ffff 0x0001/0x0000 0x0000000 1bb0.2dd8: *00007ffa37b20000-00007ffa37b20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37b21000-00007ffa37c37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37c38000-00007ffa37c7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37c7f000-00007ffa37c8afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37c8b000-00007ffa37c99fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37c9a000-00007ffa37c9afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37c9b000-00007ffa37c9dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37c9e000-00007ffa37d0ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bb0.2dd8: 00007ffa37d10000-00007ffffffeffff 0x0001/0x0000 0x0000000 1bb0.2dd8: supR3HardNtChildPurify: Done after 531 ms and 0 fixes (loop #0). 1bcc.2eb8: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00 1bcc.2eb8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa37b20000 g_uNtVerCombined=0xa047bb00 (stack ~0000000000ddf3e8) 1bcc.2eb8: ntdll.dll: timestamp 0x103a4719 (rc=VINF_SUCCESS) 1bcc.2eb8: New simple heap: #1 0000000001100000 LB 0x400000 (for 2031616 allocation) 1bb0.2dd8: supR3HardNtEnableThreadCreationEx: 1bcc.2eb8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Programs\VirtualBox' 1bcc.2eb8: System32: \Device\HarddiskVolume2\Windows\System32 1bcc.2eb8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 1bcc.2eb8: KnownDllPath: C:\WINDOWS\System32 1bcc.2eb8: supR3HardenedVmProcessInit: Opening vboxdrv stub... 1bcc.2eb8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1bcc.2eb8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1bcc.2eb8: Registered Dll notification callback with NTDLL. 1bcc.2eb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 1bcc.2eb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1bcc.2eb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 1bcc.2eb8: supR3HardenedDllNotificationCallback: load 00007ffa35840000 LB 0x002a5000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 1bcc.2eb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 1bcc.2eb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1bcc.2eb8: supR3HardenedDllNotificationCallback: load 00007ffa360a0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 1bcc.2eb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1bcc.2eb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa360a0000 'C:\WINDOWS\System32\KERNEL32.DLL' 1bcc.2eb8: supR3HardenedDllNotificationCallback: load 00007ff6d41a0000 LB 0x00118000 D:\Programs\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 1bcc.2eb8: \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 1bcc.2eb8: '\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe' has no imports 1bcc.2eb8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe) 1bcc.2eb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa37b91df0 pvNtTerminateThread=00007ffa37bbd140 1bb0.2dd8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 156 ms. 1bcc.2eb8: \SystemRoot\System32\ntdll.dll: 1bcc.2eb8: CreationTime: 2020-11-16T21:24:26.565758000Z 1bcc.2eb8: LastWriteTime: 2020-11-16T21:24:26.640935300Z 1bcc.2eb8: ChangeTime: 2020-11-16T23:59:56.844820200Z 1bcc.2eb8: FileAttributes: 0x20 1bcc.2eb8: Size: 0x1e8058 1bcc.2eb8: NT Headers: 0xd8 1bcc.2eb8: Timestamp: 0x103a4719 1bcc.2eb8: Machine: 0x8664 - amd64 1bcc.2eb8: Timestamp: 0x103a4719 1bcc.2eb8: Image Version: 10.0 1bcc.2eb8: SizeOfImage: 0x1f0000 (2031616) 1bcc.2eb8: Resource Dir: 0x17f000 LB 0x6f3b8 1bcc.2eb8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bcc.2eb8: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 1bcc.2eb8: ProductName: Microsoft® Windows® Operating System 1bcc.2eb8: ProductVersion: 10.0.18362.1171 1bcc.2eb8: FileVersion: 10.0.18362.1171 (WinBuild.160101.0800) 1bcc.2eb8: FileDescription: NT Layer DLL 1bcc.2eb8: \SystemRoot\System32\kernel32.dll: 1bcc.2eb8: CreationTime: 2020-10-14T15:41:50.085714300Z 1bcc.2eb8: LastWriteTime: 2020-10-14T15:41:50.135685400Z 1bcc.2eb8: ChangeTime: 2020-11-16T21:27:38.218148600Z 1bcc.2eb8: FileAttributes: 0x20 1bcc.2eb8: Size: 0xb04a0 1bcc.2eb8: NT Headers: 0xf8 1bcc.2eb8: Timestamp: 0x2d28261f 1bcc.2eb8: Machine: 0x8664 - amd64 1bcc.2eb8: Timestamp: 0x2d28261f 1bcc.2eb8: Image Version: 10.0 1bcc.2eb8: SizeOfImage: 0xb2000 (729088) 1bcc.2eb8: Resource Dir: 0xb0000 LB 0x520 1bcc.2eb8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bcc.2eb8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 1bcc.2eb8: ProductName: Microsoft® Windows® Operating System 1bcc.2eb8: ProductVersion: 10.0.18362.1110 1bcc.2eb8: FileVersion: 10.0.18362.1110 (WinBuild.160101.0800) 1bcc.2eb8: FileDescription: Windows NT BASE API Client DLL 1bcc.2eb8: \SystemRoot\System32\KernelBase.dll: 1bcc.2eb8: CreationTime: 2020-10-14T15:42:29.628041900Z 1bcc.2eb8: LastWriteTime: 2020-10-14T15:42:29.814934200Z 1bcc.2eb8: ChangeTime: 2020-11-16T21:27:38.634087800Z 1bcc.2eb8: FileAttributes: 0x20 1bcc.2eb8: Size: 0x2a5a88 1bcc.2eb8: NT Headers: 0x100 1bcc.2eb8: Timestamp: 0xa8b891f5 1bcc.2eb8: Machine: 0x8664 - amd64 1bcc.2eb8: Timestamp: 0xa8b891f5 1bcc.2eb8: Image Version: 10.0 1bcc.2eb8: SizeOfImage: 0x2a5000 (2772992) 1bcc.2eb8: Resource Dir: 0x27f000 LB 0x548 1bcc.2eb8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bcc.2eb8: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 1bcc.2eb8: ProductName: Microsoft® Windows® Operating System 1bcc.2eb8: ProductVersion: 10.0.18362.1139 1bcc.2eb8: FileVersion: 10.0.18362.1139 (WinBuild.160101.0800) 1bcc.2eb8: FileDescription: Windows NT BASE API Client DLL 1bcc.2eb8: \SystemRoot\System32\apisetschema.dll: 1bcc.2eb8: CreationTime: 2019-03-19T04:43:54.837151500Z 1bcc.2eb8: LastWriteTime: 2019-03-19T04:43:54.837151500Z 1bcc.2eb8: ChangeTime: 2020-11-16T21:27:38.195693000Z 1bcc.2eb8: FileAttributes: 0x20 1bcc.2eb8: Size: 0x1d028 1bcc.2eb8: NT Headers: 0xc8 1bcc.2eb8: Timestamp: 0xd6ced080 1bcc.2eb8: Machine: 0x8664 - amd64 1bcc.2eb8: Timestamp: 0xd6ced080 1bcc.2eb8: Image Version: 10.0 1bcc.2eb8: SizeOfImage: 0x1e000 (122880) 1bcc.2eb8: Resource Dir: 0x1d000 LB 0x408 1bcc.2eb8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bcc.2eb8: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 1bcc.2eb8: ProductName: Microsoft® Windows® Operating System 1bcc.2eb8: ProductVersion: 10.0.18362.1 1bcc.2eb8: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) 1bcc.2eb8: FileDescription: ApiSet Schema DLL 1bcc.2eb8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1bcc.2eb8: supR3HardenedWinFindAdversaries: 0x40 1bcc.2eb8: \SystemRoot\System32\drivers\klflt.sys: 1bcc.2eb8: CreationTime: 2020-07-26T21:02:52.601332800Z 1bcc.2eb8: LastWriteTime: 2020-08-12T13:07:54.541171700Z 1bcc.2eb8: ChangeTime: 2020-08-12T13:07:54.541171700Z 1bcc.2eb8: FileAttributes: 0x20 1bcc.2eb8: Size: 0x3d798 1bcc.2eb8: NT Headers: 0x100 1bcc.2eb8: Timestamp: 0x82e91c41 1bcc.2eb8: Machine: 0x8664 - amd64 1bcc.2eb8: Timestamp: 0x82e91c41 1bcc.2eb8: Image Version: 6.1 1bcc.2eb8: SizeOfImage: 0x4a000 (303104) 1bcc.2eb8: Resource Dir: 0x47000 LB 0x418 1bcc.2eb8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bcc.2eb8: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)] 1bcc.2eb8: ProductName: Coretech Delivery 1bcc.2eb8: ProductVersion: 30.437.60.0 1bcc.2eb8: FileVersion: 30.437.60.0 1bcc.2eb8: FileDescription: Filter Core [fre_win7_amd64] 1bcc.2eb8: \SystemRoot\System32\drivers\klif.sys: 1bcc.2eb8: CreationTime: 2020-07-26T21:02:52.712270600Z 1bcc.2eb8: LastWriteTime: 2020-08-12T13:07:54.986919300Z 1bcc.2eb8: ChangeTime: 2020-08-12T13:07:54.986919300Z 1bcc.2eb8: FileAttributes: 0x20 1bcc.2eb8: Size: 0xf3d98 1bcc.2eb8: NT Headers: 0xf8 1bcc.2eb8: Timestamp: 0x5ef8d291 1bcc.2eb8: Machine: 0x8664 - amd64 1bcc.2eb8: Timestamp: 0x5ef8d291 1bcc.2eb8: Image Version: 6.1 1bcc.2eb8: SizeOfImage: 0xf4000 (999424) 1bcc.2eb8: Resource Dir: 0xeb000 LB 0x33f8 1bcc.2eb8: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bcc.2eb8: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)] 1bcc.2eb8: ProductName: Coretech Delivery 1bcc.2eb8: ProductVersion: 30.437.60.0 1bcc.2eb8: FileVersion: 30.437.60.0 1bcc.2eb8: FileDescription: Core System Interceptors [fre_win7_amd64] 1bcc.2eb8: \SystemRoot\System32\drivers\klim6.sys: 1bcc.2eb8: CreationTime: 2019-03-19T10:21:06.000000000Z 1bcc.2eb8: LastWriteTime: 2019-03-19T10:21:06.000000000Z 1bcc.2eb8: ChangeTime: 2020-07-26T21:03:27.978256700Z 1bcc.2eb8: FileAttributes: 0x20 1bcc.2eb8: Size: 0xe350 1bcc.2eb8: NT Headers: 0xe0 1bcc.2eb8: Timestamp: 0x54ad405e 1bcc.2eb8: Machine: 0x8664 - amd64 1bcc.2eb8: Timestamp: 0x54ad405e 1bcc.2eb8: Image Version: 6.1 1bcc.2eb8: SizeOfImage: 0xb000 (45056) 1bcc.2eb8: Resource Dir: 0x9000 LB 0x430 1bcc.2eb8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bcc.2eb8: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)] 1bcc.2eb8: ProductName: Coretech Delivery 1bcc.2eb8: ProductVersion: 30.0.3724.0 1bcc.2eb8: FileVersion: 30.0.3724.0 1bcc.2eb8: FileDescription: Packet Network Filter [fre_win7_amd64] 1bcc.2eb8: \SystemRoot\System32\drivers\klkbdflt.sys: 1bcc.2eb8: CreationTime: 2020-05-21T00:30:30.000000000Z 1bcc.2eb8: LastWriteTime: 2020-05-21T00:30:30.000000000Z 1bcc.2eb8: ChangeTime: 2020-07-26T21:03:27.229869700Z 1bcc.2eb8: FileAttributes: 0x20 1bcc.2eb8: Size: 0x13790 1bcc.2eb8: NT Headers: 0xf8 1bcc.2eb8: Timestamp: 0x6193eeca 1bcc.2eb8: Machine: 0x8664 - amd64 1bcc.2eb8: Timestamp: 0x6193eeca 1bcc.2eb8: Image Version: 6.1 1bcc.2eb8: SizeOfImage: 0x12000 (73728) 1bcc.2eb8: Resource Dir: 0x10000 LB 0x440 1bcc.2eb8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bcc.2eb8: [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)] 1bcc.2eb8: ProductName: Coretech Delivery 1bcc.2eb8: ProductVersion: 30.256.110.0 1bcc.2eb8: FileVersion: 30.256.110.0 1bcc.2eb8: FileDescription: Keyboard Device Filter [fre_win7_amd64] 1bcc.2eb8: \SystemRoot\System32\drivers\klmouflt.sys: 1bcc.2eb8: CreationTime: 2019-03-18T04:50:34.000000000Z 1bcc.2eb8: LastWriteTime: 2019-03-18T04:50:34.000000000Z 1bcc.2eb8: ChangeTime: 2020-07-26T21:03:26.960532900Z 1bcc.2eb8: FileAttributes: 0x20 1bcc.2eb8: Size: 0xe878 1bcc.2eb8: NT Headers: 0xe8 1bcc.2eb8: Timestamp: 0xab7b625 1bcc.2eb8: Machine: 0x8664 - amd64 1bcc.2eb8: Timestamp: 0xab7b625 1bcc.2eb8: Image Version: 6.1 1bcc.2eb8: SizeOfImage: 0xe000 (57344) 1bcc.2eb8: Resource Dir: 0xc000 LB 0x430 1bcc.2eb8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bcc.2eb8: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)] 1bcc.2eb8: ProductName: Coretech Delivery 1bcc.2eb8: ProductVersion: 30.0.3716.0 1bcc.2eb8: FileVersion: 30.0.3716.0 1bcc.2eb8: FileDescription: Mouse Device Filter [fre_win7_amd64] 1bcc.2eb8: \SystemRoot\System32\drivers\kneps.sys: 1bcc.2eb8: CreationTime: 2020-05-21T00:30:30.000000000Z 1bcc.2eb8: LastWriteTime: 2020-08-12T13:07:55.177832800Z 1bcc.2eb8: ChangeTime: 2020-08-12T13:07:55.177832800Z 1bcc.2eb8: FileAttributes: 0x20 1bcc.2eb8: Size: 0x38f98 1bcc.2eb8: NT Headers: 0x108 1bcc.2eb8: Timestamp: 0x5f4eb836 1bcc.2eb8: Machine: 0x8664 - amd64 1bcc.2eb8: Timestamp: 0x5f4eb836 1bcc.2eb8: Image Version: 6.1 1bcc.2eb8: SizeOfImage: 0x38000 (229376) 1bcc.2eb8: Resource Dir: 0x35000 LB 0x428 1bcc.2eb8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bcc.2eb8: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)] 1bcc.2eb8: ProductName: Coretech Delivery 1bcc.2eb8: ProductVersion: 30.437.53.0 1bcc.2eb8: FileVersion: 30.437.53.0 1bcc.2eb8: FileDescription: Network Processor [fre_win7_amd64] 1bcc.2eb8: \SystemRoot\System32\klfphc.dll: 1bcc.2eb8: CreationTime: 2020-07-26T21:03:25.440937400Z 1bcc.2eb8: LastWriteTime: 2013-05-06T11:13:26.000000000Z 1bcc.2eb8: ChangeTime: 2020-07-26T21:03:02.615376700Z 1bcc.2eb8: FileAttributes: 0x20 1bcc.2eb8: Size: 0x1ae60 1bcc.2eb8: NT Headers: 0xe8 1bcc.2eb8: Timestamp: 0x51873bf2 1bcc.2eb8: Machine: 0x8664 - amd64 1bcc.2eb8: Timestamp: 0x51873bf2 1bcc.2eb8: Image Version: 0.0 1bcc.2eb8: SizeOfImage: 0x1d000 (118784) 1bcc.2eb8: Resource Dir: 0x18000 LB 0x3c80 1bcc.2eb8: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)] 1bcc.2eb8: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)] 1bcc.2eb8: ProductName: Kaspersky™ Anti-Virus ® 1bcc.2eb8: ProductVersion: 1.0.0.12 1bcc.2eb8: FileVersion: 1.0.0.12 1bcc.2eb8: FileDescription: Filtering Platform Helper Class 1bcc.2eb8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Programs\VirtualBox' 1bcc.2eb8: Calling main() 1bcc.2eb8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 1bcc.2eb8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Programs\VirtualBox' 1bcc.2eb8: \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 1bcc.2eb8: '\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe' has no imports 1bcc.2eb8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe) 1bcc.2eb8: SUPR3HardenedMain: Respawn #2 1bcc.2eb8: supR3HardNtEnableThreadCreationEx: 1bcc.2eb8: supR3HardenedDllNotificationCallback: load 00007ffa37480000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 1bcc.2eb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 1bcc.2eb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1bcc.2eb8: supR3HardenedDllNotificationCallback: load 00007ffa37750000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 1bcc.2eb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 1bcc.2eb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 1bcc.2eb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 1bcc.2eb8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 1bcc.2eb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) 1bcc.2eb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bcc.2eb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1bcc.2eb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1bcc.2eb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1bcc.2eb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1bcc.2eb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa37b20000 'C:\WINDOWS\System32\ntdll.dll' 1bcc.2eb8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa37b91df0 pvNtTerminateThread=00007ffa37bbd140 1bcc.2eb8: supR3HardenedWinDoReSpawn(2): New child a0c.2cf4 [kernel32]. 1bcc.2eb8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 1bcc.2eb8: supR3HardNtChildGatherData: PebBaseAddress=00000000008dc000 cbPeb=0x388 1bcc.2eb8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa37b20000 uNtDllChildAddr=00007ffa37b20000 1bcc.2eb8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa37b91df0 1bcc.2eb8: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6d41a7900 rdx=00000000008dc000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffa37b8d4b0 rsp=0000000000aff998 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 1bcc.2eb8: kernel32.dll: timestamp 0x2d28261f (rc=VINF_SUCCESS) 1bcc.2eb8: supR3HardenedWinSetupChildInit: Start child. 1bcc.2eb8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 1bcc.2eb8: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 60 sleeps 1bcc.2eb8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1bcc.2eb8: *0000000000000000-00000000006dffff 0x0001/0x0000 0x0000000 1bcc.2eb8: *00000000006e0000-00000000006fffff 0x0004/0x0004 0x0020000 1bcc.2eb8: *0000000000700000-000000000071afff 0x0002/0x0002 0x0040000 1bcc.2eb8: 000000000071b000-000000000071ffff 0x0001/0x0000 0x0000000 1bcc.2eb8: *0000000000720000-0000000000723fff 0x0002/0x0002 0x0040000 1bcc.2eb8: 0000000000724000-000000000072ffff 0x0001/0x0000 0x0000000 1bcc.2eb8: *0000000000730000-0000000000731fff 0x0004/0x0004 0x0020000 1bcc.2eb8: 0000000000732000-00000000007fffff 0x0001/0x0000 0x0000000 1bcc.2eb8: *0000000000800000-00000000008dbfff 0x0000/0x0004 0x0020000 1bcc.2eb8: 00000000008dc000-00000000008defff 0x0004/0x0004 0x0020000 1bcc.2eb8: 00000000008df000-00000000009fffff 0x0000/0x0004 0x0020000 1bcc.2eb8: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000 1bcc.2eb8: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000 1bcc.2eb8: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000 1bcc.2eb8: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000 1bcc.2eb8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 1bcc.2eb8: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000 1bcc.2eb8: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000 1bcc.2eb8: 000000007ffe3000-00007ff53ba3ffff 0x0001/0x0000 0x0000000 1bcc.2eb8: *00007ff53ba40000-00007ff53ba40fff 0x0002/0x0002 0x0040000 1bcc.2eb8: 00007ff53ba41000-00007ff53ba4ffff 0x0001/0x0000 0x0000000 1bcc.2eb8: *00007ff53ba50000-00007ff53ba72fff 0x0002/0x0002 0x0040000 1bcc.2eb8: 00007ff53ba73000-00007ff6d419ffff 0x0001/0x0000 0x0000000 1bcc.2eb8: *00007ff6d41a0000-00007ff6d41a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: 00007ff6d41a1000-00007ff6d4217fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: 00007ff6d4218000-00007ff6d4218fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: 00007ff6d4219000-00007ff6d4261fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: 00007ff6d4262000-00007ff6d4262fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: 00007ff6d4263000-00007ff6d4263fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: 00007ff6d4264000-00007ff6d4268fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: 00007ff6d4269000-00007ff6d4269fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: 00007ff6d426a000-00007ff6d426afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: 00007ff6d426b000-00007ff6d426efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: 00007ff6d426f000-00007ff6d42b7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe 1bcc.2eb8: 00007ff6d42b8000-00007ffa37b1ffff 0x0001/0x0000 0x0000000 1bcc.2eb8: *00007ffa37b20000-00007ffa37b20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bcc.2eb8: 00007ffa37b21000-00007ffa37c37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bcc.2eb8: 00007ffa37c38000-00007ffa37c7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bcc.2eb8: 00007ffa37c7f000-00007ffa37c8afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bcc.2eb8: 00007ffa37c8b000-00007ffa37c99fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bcc.2eb8: 00007ffa37c9a000-00007ffa37c9afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bcc.2eb8: 00007ffa37c9b000-00007ffa37c9dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bcc.2eb8: 00007ffa37c9e000-00007ffa37d0ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1bcc.2eb8: 00007ffa37d10000-00007ffffffeffff 0x0001/0x0000 0x0000000 1bcc.2eb8: VirtualBoxVM.exe: timestamp 0x5f89bd71 (rc=VINF_SUCCESS) 1bcc.2eb8: \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 1bcc.2eb8: '\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe' has no imports 1bcc.2eb8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 1bcc.2eb8: supR3HardNtChildPurify: Done after 589 ms and 0 fixes (loop #0). a0c.2cf4: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00 a0c.2cf4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa37b20000 g_uNtVerCombined=0xa047bb00 (stack ~0000000000aff428) a0c.2cf4: ntdll.dll: timestamp 0x103a4719 (rc=VINF_SUCCESS) 1bcc.2eb8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001100000 LB 0x400000) a0c.2cf4: New simple heap: #1 0000000000c00000 LB 0x400000 (for 2031616 allocation) 1bcc.2eb8: supR3HardNtEnableThreadCreationEx: a0c.2cf4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Programs\VirtualBox' a0c.2cf4: System32: \Device\HarddiskVolume2\Windows\System32 a0c.2cf4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS a0c.2cf4: KnownDllPath: C:\WINDOWS\System32 a0c.2cf4: supR3HardenedVmProcessInit: Opening vboxdrv... a0c.2cf4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... a0c.2cf4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... a0c.2cf4: Registered Dll notification callback with NTDLL. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa35840000 LB 0x002a5000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa360a0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa360a0000 'C:\WINDOWS\System32\KERNEL32.DLL' a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ff6d41a0000 LB 0x00118000 D:\Programs\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 a0c.2cf4: '\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe' has no imports a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe a0c.2cf4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa37b91df0 pvNtTerminateThread=00007ffa37bbd140 1bcc.2eb8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 144 ms. a0c.2cf4: \SystemRoot\System32\ntdll.dll: a0c.2cf4: CreationTime: 2020-11-16T21:24:26.565758000Z a0c.2cf4: LastWriteTime: 2020-11-16T21:24:26.640935300Z a0c.2cf4: ChangeTime: 2020-11-16T23:59:56.844820200Z a0c.2cf4: FileAttributes: 0x20 a0c.2cf4: Size: 0x1e8058 a0c.2cf4: NT Headers: 0xd8 a0c.2cf4: Timestamp: 0x103a4719 a0c.2cf4: Machine: 0x8664 - amd64 a0c.2cf4: Timestamp: 0x103a4719 a0c.2cf4: Image Version: 10.0 a0c.2cf4: SizeOfImage: 0x1f0000 (2031616) a0c.2cf4: Resource Dir: 0x17f000 LB 0x6f3b8 a0c.2cf4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] a0c.2cf4: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] a0c.2cf4: ProductName: Microsoft® Windows® Operating System a0c.2cf4: ProductVersion: 10.0.18362.1171 a0c.2cf4: FileVersion: 10.0.18362.1171 (WinBuild.160101.0800) a0c.2cf4: FileDescription: NT Layer DLL a0c.2cf4: \SystemRoot\System32\kernel32.dll: a0c.2cf4: CreationTime: 2020-10-14T15:41:50.085714300Z a0c.2cf4: LastWriteTime: 2020-10-14T15:41:50.135685400Z a0c.2cf4: ChangeTime: 2020-11-16T21:27:38.218148600Z a0c.2cf4: FileAttributes: 0x20 a0c.2cf4: Size: 0xb04a0 a0c.2cf4: NT Headers: 0xf8 a0c.2cf4: Timestamp: 0x2d28261f a0c.2cf4: Machine: 0x8664 - amd64 a0c.2cf4: Timestamp: 0x2d28261f a0c.2cf4: Image Version: 10.0 a0c.2cf4: SizeOfImage: 0xb2000 (729088) a0c.2cf4: Resource Dir: 0xb0000 LB 0x520 a0c.2cf4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] a0c.2cf4: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] a0c.2cf4: ProductName: Microsoft® Windows® Operating System a0c.2cf4: ProductVersion: 10.0.18362.1110 a0c.2cf4: FileVersion: 10.0.18362.1110 (WinBuild.160101.0800) a0c.2cf4: FileDescription: Windows NT BASE API Client DLL a0c.2cf4: \SystemRoot\System32\KernelBase.dll: a0c.2cf4: CreationTime: 2020-10-14T15:42:29.628041900Z a0c.2cf4: LastWriteTime: 2020-10-14T15:42:29.814934200Z a0c.2cf4: ChangeTime: 2020-11-16T21:27:38.634087800Z a0c.2cf4: FileAttributes: 0x20 a0c.2cf4: Size: 0x2a5a88 a0c.2cf4: NT Headers: 0x100 a0c.2cf4: Timestamp: 0xa8b891f5 a0c.2cf4: Machine: 0x8664 - amd64 a0c.2cf4: Timestamp: 0xa8b891f5 a0c.2cf4: Image Version: 10.0 a0c.2cf4: SizeOfImage: 0x2a5000 (2772992) a0c.2cf4: Resource Dir: 0x27f000 LB 0x548 a0c.2cf4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] a0c.2cf4: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] a0c.2cf4: ProductName: Microsoft® Windows® Operating System a0c.2cf4: ProductVersion: 10.0.18362.1139 a0c.2cf4: FileVersion: 10.0.18362.1139 (WinBuild.160101.0800) a0c.2cf4: FileDescription: Windows NT BASE API Client DLL a0c.2cf4: \SystemRoot\System32\apisetschema.dll: a0c.2cf4: CreationTime: 2019-03-19T04:43:54.837151500Z a0c.2cf4: LastWriteTime: 2019-03-19T04:43:54.837151500Z a0c.2cf4: ChangeTime: 2020-11-16T21:27:38.195693000Z a0c.2cf4: FileAttributes: 0x20 a0c.2cf4: Size: 0x1d028 a0c.2cf4: NT Headers: 0xc8 a0c.2cf4: Timestamp: 0xd6ced080 a0c.2cf4: Machine: 0x8664 - amd64 a0c.2cf4: Timestamp: 0xd6ced080 a0c.2cf4: Image Version: 10.0 a0c.2cf4: SizeOfImage: 0x1e000 (122880) a0c.2cf4: Resource Dir: 0x1d000 LB 0x408 a0c.2cf4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] a0c.2cf4: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] a0c.2cf4: ProductName: Microsoft® Windows® Operating System a0c.2cf4: ProductVersion: 10.0.18362.1 a0c.2cf4: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) a0c.2cf4: FileDescription: ApiSet Schema DLL a0c.2cf4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 a0c.2cf4: supR3HardenedWinFindAdversaries: 0x40 a0c.2cf4: \SystemRoot\System32\drivers\klflt.sys: a0c.2cf4: CreationTime: 2020-07-26T21:02:52.601332800Z a0c.2cf4: LastWriteTime: 2020-08-12T13:07:54.541171700Z a0c.2cf4: ChangeTime: 2020-08-12T13:07:54.541171700Z a0c.2cf4: FileAttributes: 0x20 a0c.2cf4: Size: 0x3d798 a0c.2cf4: NT Headers: 0x100 a0c.2cf4: Timestamp: 0x82e91c41 a0c.2cf4: Machine: 0x8664 - amd64 a0c.2cf4: Timestamp: 0x82e91c41 a0c.2cf4: Image Version: 6.1 a0c.2cf4: SizeOfImage: 0x4a000 (303104) a0c.2cf4: Resource Dir: 0x47000 LB 0x418 a0c.2cf4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] a0c.2cf4: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)] a0c.2cf4: ProductName: Coretech Delivery a0c.2cf4: ProductVersion: 30.437.60.0 a0c.2cf4: FileVersion: 30.437.60.0 a0c.2cf4: FileDescription: Filter Core [fre_win7_amd64] a0c.2cf4: \SystemRoot\System32\drivers\klif.sys: a0c.2cf4: CreationTime: 2020-07-26T21:02:52.712270600Z a0c.2cf4: LastWriteTime: 2020-08-12T13:07:54.986919300Z a0c.2cf4: ChangeTime: 2020-08-12T13:07:54.986919300Z a0c.2cf4: FileAttributes: 0x20 a0c.2cf4: Size: 0xf3d98 a0c.2cf4: NT Headers: 0xf8 a0c.2cf4: Timestamp: 0x5ef8d291 a0c.2cf4: Machine: 0x8664 - amd64 a0c.2cf4: Timestamp: 0x5ef8d291 a0c.2cf4: Image Version: 6.1 a0c.2cf4: SizeOfImage: 0xf4000 (999424) a0c.2cf4: Resource Dir: 0xeb000 LB 0x33f8 a0c.2cf4: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)] a0c.2cf4: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)] a0c.2cf4: ProductName: Coretech Delivery a0c.2cf4: ProductVersion: 30.437.60.0 a0c.2cf4: FileVersion: 30.437.60.0 a0c.2cf4: FileDescription: Core System Interceptors [fre_win7_amd64] a0c.2cf4: \SystemRoot\System32\drivers\klim6.sys: a0c.2cf4: CreationTime: 2019-03-19T10:21:06.000000000Z a0c.2cf4: LastWriteTime: 2019-03-19T10:21:06.000000000Z a0c.2cf4: ChangeTime: 2020-07-26T21:03:27.978256700Z a0c.2cf4: FileAttributes: 0x20 a0c.2cf4: Size: 0xe350 a0c.2cf4: NT Headers: 0xe0 a0c.2cf4: Timestamp: 0x54ad405e a0c.2cf4: Machine: 0x8664 - amd64 a0c.2cf4: Timestamp: 0x54ad405e a0c.2cf4: Image Version: 6.1 a0c.2cf4: SizeOfImage: 0xb000 (45056) a0c.2cf4: Resource Dir: 0x9000 LB 0x430 a0c.2cf4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] a0c.2cf4: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)] a0c.2cf4: ProductName: Coretech Delivery a0c.2cf4: ProductVersion: 30.0.3724.0 a0c.2cf4: FileVersion: 30.0.3724.0 a0c.2cf4: FileDescription: Packet Network Filter [fre_win7_amd64] a0c.2cf4: \SystemRoot\System32\drivers\klkbdflt.sys: a0c.2cf4: CreationTime: 2020-05-21T00:30:30.000000000Z a0c.2cf4: LastWriteTime: 2020-05-21T00:30:30.000000000Z a0c.2cf4: ChangeTime: 2020-07-26T21:03:27.229869700Z a0c.2cf4: FileAttributes: 0x20 a0c.2cf4: Size: 0x13790 a0c.2cf4: NT Headers: 0xf8 a0c.2cf4: Timestamp: 0x6193eeca a0c.2cf4: Machine: 0x8664 - amd64 a0c.2cf4: Timestamp: 0x6193eeca a0c.2cf4: Image Version: 6.1 a0c.2cf4: SizeOfImage: 0x12000 (73728) a0c.2cf4: Resource Dir: 0x10000 LB 0x440 a0c.2cf4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] a0c.2cf4: [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)] a0c.2cf4: ProductName: Coretech Delivery a0c.2cf4: ProductVersion: 30.256.110.0 a0c.2cf4: FileVersion: 30.256.110.0 a0c.2cf4: FileDescription: Keyboard Device Filter [fre_win7_amd64] a0c.2cf4: \SystemRoot\System32\drivers\klmouflt.sys: a0c.2cf4: CreationTime: 2019-03-18T04:50:34.000000000Z a0c.2cf4: LastWriteTime: 2019-03-18T04:50:34.000000000Z a0c.2cf4: ChangeTime: 2020-07-26T21:03:26.960532900Z a0c.2cf4: FileAttributes: 0x20 a0c.2cf4: Size: 0xe878 a0c.2cf4: NT Headers: 0xe8 a0c.2cf4: Timestamp: 0xab7b625 a0c.2cf4: Machine: 0x8664 - amd64 a0c.2cf4: Timestamp: 0xab7b625 a0c.2cf4: Image Version: 6.1 a0c.2cf4: SizeOfImage: 0xe000 (57344) a0c.2cf4: Resource Dir: 0xc000 LB 0x430 a0c.2cf4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] a0c.2cf4: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)] a0c.2cf4: ProductName: Coretech Delivery a0c.2cf4: ProductVersion: 30.0.3716.0 a0c.2cf4: FileVersion: 30.0.3716.0 a0c.2cf4: FileDescription: Mouse Device Filter [fre_win7_amd64] a0c.2cf4: \SystemRoot\System32\drivers\kneps.sys: a0c.2cf4: CreationTime: 2020-05-21T00:30:30.000000000Z a0c.2cf4: LastWriteTime: 2020-08-12T13:07:55.177832800Z a0c.2cf4: ChangeTime: 2020-08-12T13:07:55.177832800Z a0c.2cf4: FileAttributes: 0x20 a0c.2cf4: Size: 0x38f98 a0c.2cf4: NT Headers: 0x108 a0c.2cf4: Timestamp: 0x5f4eb836 a0c.2cf4: Machine: 0x8664 - amd64 a0c.2cf4: Timestamp: 0x5f4eb836 a0c.2cf4: Image Version: 6.1 a0c.2cf4: SizeOfImage: 0x38000 (229376) a0c.2cf4: Resource Dir: 0x35000 LB 0x428 a0c.2cf4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] a0c.2cf4: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)] a0c.2cf4: ProductName: Coretech Delivery a0c.2cf4: ProductVersion: 30.437.53.0 a0c.2cf4: FileVersion: 30.437.53.0 a0c.2cf4: FileDescription: Network Processor [fre_win7_amd64] a0c.2cf4: \SystemRoot\System32\klfphc.dll: a0c.2cf4: CreationTime: 2020-07-26T21:03:25.440937400Z a0c.2cf4: LastWriteTime: 2013-05-06T11:13:26.000000000Z a0c.2cf4: ChangeTime: 2020-07-26T21:03:02.615376700Z a0c.2cf4: FileAttributes: 0x20 a0c.2cf4: Size: 0x1ae60 a0c.2cf4: NT Headers: 0xe8 a0c.2cf4: Timestamp: 0x51873bf2 a0c.2cf4: Machine: 0x8664 - amd64 a0c.2cf4: Timestamp: 0x51873bf2 a0c.2cf4: Image Version: 0.0 a0c.2cf4: SizeOfImage: 0x1d000 (118784) a0c.2cf4: Resource Dir: 0x18000 LB 0x3c80 a0c.2cf4: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)] a0c.2cf4: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)] a0c.2cf4: ProductName: Kaspersky™ Anti-Virus ® a0c.2cf4: ProductVersion: 1.0.0.12 a0c.2cf4: FileVersion: 1.0.0.12 a0c.2cf4: FileDescription: Filtering Platform Helper Class a0c.2cf4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Programs\VirtualBox' a0c.2cf4: Calling main() a0c.2cf4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 a0c.2cf4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Programs\VirtualBox' a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 a0c.2cf4: '\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe' has no imports a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe) a0c.2cf4: SUPR3HardenedMain: Final process, opening VBoxDrv... a0c.2cf4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000) a0c.2cf4: supR3HardNtEnableThreadCreationEx: a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202 a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Programs\VirtualBox\VBoxSupLib.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\VBoxSupLib.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] a0c.2cf4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa32900000 LB 0x00005000 D:\Programs\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa32900000 'D:\Programs\VirtualBox\VBoxSupLib.DLL' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa32900000 'D:\Programs\VirtualBox\VBoxSupLib.DLL' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa32900000 'D:\Programs\VirtualBox\VBoxSupLib.DLL' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa36910000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa349e0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa34e60000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa34d10000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa37480000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa34a70000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa35840000 'api-ms-win-core-synch-l1-2-0' a0c.2cf4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa35840000 'api-ms-win-core-fibers-l1-1-1' a0c.2cf4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa35840000 'api-ms-win-core-fibers-l1-1-1' a0c.2cf4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa35840000 'api-ms-win-core-synch-l1-2-0' a0c.2cf4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa35840000 'api-ms-win-core-localization-l1-2-1' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34a70000 'C:\WINDOWS\system32\Wintrust.dll' a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa35af0000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa35af0000 'C:\WINDOWS\system32\bcrypt.dll' a0c.2cf4: bcrypt.dll loaded at 00007ffa35af0000, BCryptOpenAlgorithmProvider at 00007ffa35af4c70, preloading providers: a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa35b20000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa35b20000 'C:\WINDOWS\system32\bcryptprimitives.dll' a0c.2cf4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000010fdbd0) a0c.2cf4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000010ff140) a0c.2cf4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000010ff440) a0c.2cf4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000010ff740) a0c.2cf4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000010ffa40) a0c.2cf4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000010ffd40) a0c.2cf4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001100040) a0c.2cf4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001100340) a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa34f60000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0] a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa33d60000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa343c0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa360a0000 'C:\WINDOWS\System32\kernel32.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34a70000 'C:\WINDOWS\System32\WINTRUST.DLL' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\CRYPT32.dll' a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa37860000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0] a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa37750000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa33590000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa349b0000 LB 0x00023000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0] a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa0afb0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\WINDOWS\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0afb0000 'C:\Windows\System32\cryptnet.dll' a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa375d0000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0] a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000011a0380 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011a0380 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0BC8053E84666DD00B73F2861A22FB7C33BA49B a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa37480000 'C:\WINDOWS\System32\rpcrt4.dll' a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000119f900 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000119f900 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=C6B2B4CE04D1561A822C7138100DBD6528A46F4B099B8B3D330C5AF2A1140726 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) a0c.2cf4: g_pfnWinVerifyTrust=00007ffa34a71d30 a0c.2cf4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' a0c.2cf4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011a0380 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011a0380 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000119fa80 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000119fa80 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000119f900 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000119f900 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=22186588BDA4845FA9E0DBF8BEA457D094106A66CEA15B5F867FB5BDCE35A45C a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000119fb40 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000119fb40 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=22186588BDA4845FA9E0DBF8BEA457D094106A66CEA15B5F867FB5BDCE35A45C a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Programs\VirtualBox\VBoxSupLib.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.exe' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\system32\crypt32.dll' a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xc052a853187eb800 CN=Warsaw Personal CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xad7c14a730fcb800 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xcb7d2ba3dd0ff900 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x40e7dd0ea446ba00 C=BR, O=ICP-Brasil, OU=Instituto Nacional de Tecnologia da Informacao - ITI, CN=Autoridade Certificadora Raiz Brasileira v2 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xef62113787ebace5 C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x39bb496d7f0fc200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Development Root Certificate Authority 2014 a0c.2cf4: supR3HardenedWinIsDesiredRootCA: Adding 0x90c7c28610d2ed15 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Development Root Certificate Authority 2018 a0c.2cf4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=67 a0c.2cf4: SUPR3HardenedMain: Load Runtime... a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202 a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll) WinVerifyTrust a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202 a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll) WinVerifyTrust a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202 a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202 a0c.2cf4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll) WinVerifyTrust a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] a0c.2cf4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll a0c.2cf4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] a0c.2cf4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll a0c.2cf4: supR3HardenedDllNotificationCallback: load 000000005a4e0000 LB 0x000d2000 D:\Programs\VirtualBox\MSVCR100.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] a0c.2cf4: supR3HardenedDllNotificationCallback: load 0000000059960000 LB 0x00098000 D:\Programs\VirtualBox\MSVCP100.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ffa36750000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll a0c.2cf4: supR3HardenedDllNotificationCallback: load 00007ff9f3230000 LB 0x005e1000 D:\Programs\VirtualBox\VBoxRT.dll [fFlags=0x0] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\VBoxRT.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rescheduled] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3230000 'D:\Programs\VirtualBox\VBoxRT.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34a70000 'C:\WINDOWS\system32\Wintrust.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\system32\crypt32.dll' a0c.2cf4: SUPR3HardenedMain: Load TrustedMain... a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202 a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] a0c.2cf4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] a0c.2cf4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] a0c.2cf4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] a0c.2cf4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'. a0c.2cf4: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202 a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Programs\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\Qt5OpenGLVBox.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202 a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202 a0c.2cf4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\Qt5CoreVBox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Programs\VirtualBox\Qt5CoreVBox.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\Qt5CoreVBox.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202 a0c.2cf4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\Qt5GuiVBox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Programs\VirtualBox\Qt5GuiVBox.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\Qt5GuiVBox.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202 a0c.2cf4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Programs\VirtualBox\Qt5WidgetsVBox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Programs\VirtualBox\Qt5WidgetsVBox.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\Qt5WidgetsVBox.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] a0c.2cf4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Programs\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Programs\VirtualBox\Qt5GuiVBox.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Programs\VirtualBox\Qt5CoreVBox.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\msvcp100.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008] a0c.2cf4: \Device\HarddiskVolume4\Programs\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202 a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. a0c.2cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. a0c.2cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Programs\VirtualBox\UICommon.dll) WinVerifyTrust a0c.2cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Programs\VirtualBox\UICommon.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust] a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000119fa80 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000119fa80 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000011a0380 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011a0380 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000119fb40 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000119fb40 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=6622493BDCECA5422FCE0B921D6626202D89C04B3EFCC5A76BF19A9905D8BD33 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000119fa80 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000119fa80 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=6622493BDCECA5422FCE0B921D6626202D89C04B3EFCC5A76BF19A9905D8BD33 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) a0c.2cf4: supR3HardenedScreenImage/Imports: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' a0c.2cf4: Error (rc=0): a0c.2cf4: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Windows\System32\opengl32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Programs\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Programs\VirtualBox\Qt5WidgetsVBox.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\Qt5GuiVBox.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\Qt5CoreVBox.dll a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... a0c.2cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Programs\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Programs\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] a0c.2cf4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Programs\VirtualBox\VirtualBoxVM.dll a0c.2cf4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll a0c.2cf4: Error (rc=0): a0c.2cf4: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x10 fAccess=0xd cHits=3 \Device\HarddiskVolume2\Windows\System32\opengl32.dll a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'D:\Programs\VirtualBox\VirtualBoxVM.dll' a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003cc pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011a0380 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011a0380 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000119f540 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000119f540 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000119fa80 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000119fa80 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=41D97903DE3C10BFE43059393A6DD1DB671F42BFA9627D4C98589CCC6ADA69C2 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000119f6c0 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000119f6c0 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=41D97903DE3C10BFE43059393A6DD1DB671F42BFA9627D4C98589CCC6ADA69C2 a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168) a0c.2cf4: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa33d60000 'C:\WINDOWS\system32\rsaenh.dll' a0c.2cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa34d10000 'C:\WINDOWS\System32\crypt32.dll' a0c.2cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' a0c.2cf4: Fatal error: a0c.2cf4: supR3HardenedMainGetTrustedMain: LoadLibrary "D:\Programs\VirtualBox/VirtualBoxVM.dll" failed, rc=1790 1bcc.2eb8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2848 ms, the end); 1bb0.2dd8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3681 ms, the end);