Ticket #19136: VBoxHardening.2.log

18c0.2284: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047bb00
18c0.2284: \SystemRoot\System32\ntdll.dll:
18c0.2284:     CreationTime:    2019-10-10T14:11:58.713323600Z
18c0.2284:     LastWriteTime:   2019-10-10T14:11:58.802238300Z
18c0.2284:     ChangeTime:      2019-11-14T16:05:50.146664100Z
18c0.2284:     FileAttributes:  0x20
18c0.2284:     Size:            0x1e8528
18c0.2284:     NT Headers:      0xd8
18c0.2284:     Timestamp:       0x99ca0526
18c0.2284:     Machine:         0x8664 - amd64
18c0.2284:     Timestamp:       0x99ca0526
18c0.2284:     Image Version:   10.0
18c0.2284:     SizeOfImage:     0x1f0000 (2031616)
18c0.2284:     Resource Dir:    0x17f000 LB 0x6f310
18c0.2284:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
18c0.2284:     [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
18c0.2284:     ProductName:     Microsoft® Windows® Operating System
18c0.2284:     ProductVersion:  10.0.18362.418
18c0.2284:     FileVersion:     10.0.18362.418 (WinBuild.160101.0800)
18c0.2284:     FileDescription: NT Layer DLL
18c0.2284: \SystemRoot\System32\kernel32.dll:
18c0.2284:     CreationTime:    2019-09-13T19:37:38.549674400Z
18c0.2284:     LastWriteTime:   2019-09-13T19:37:38.586602800Z
18c0.2284:     ChangeTime:      2019-11-14T16:05:49.709071400Z
18c0.2284:     FileAttributes:  0x20
18c0.2284:     Size:            0xb0570
18c0.2284:     NT Headers:      0xe8
18c0.2284:     Timestamp:       0xd0cecc10
18c0.2284:     Machine:         0x8664 - amd64
18c0.2284:     Timestamp:       0xd0cecc10
18c0.2284:     Image Version:   10.0
18c0.2284:     SizeOfImage:     0xb2000 (729088)
18c0.2284:     Resource Dir:    0xb0000 LB 0x520
18c0.2284:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
18c0.2284:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
18c0.2284:     ProductName:     Microsoft® Windows® Operating System
18c0.2284:     ProductVersion:  10.0.18362.329
18c0.2284:     FileVersion:     10.0.18362.329 (WinBuild.160101.0800)
18c0.2284:     FileDescription: Windows NT BASE API Client DLL
18c0.2284: \SystemRoot\System32\KernelBase.dll:
18c0.2284:     CreationTime:    2019-11-14T16:03:37.286662400Z
18c0.2284:     LastWriteTime:   2019-11-14T16:03:37.415540100Z
18c0.2284:     ChangeTime:      2019-11-14T19:08:57.586841900Z
18c0.2284:     FileAttributes:  0x20
18c0.2284:     Size:            0x2a2908
18c0.2284:     NT Headers:      0xf0
18c0.2284:     Timestamp:       0x83c3d83a
18c0.2284:     Machine:         0x8664 - amd64
18c0.2284:     Timestamp:       0x83c3d83a
18c0.2284:     Image Version:   10.0
18c0.2284:     SizeOfImage:     0x2a3000 (2764800)
18c0.2284:     Resource Dir:    0x27d000 LB 0x548
18c0.2284:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
18c0.2284:     [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
18c0.2284:     ProductName:     Microsoft® Windows® Operating System
18c0.2284:     ProductVersion:  10.0.18362.476
18c0.2284:     FileVersion:     10.0.18362.476 (WinBuild.160101.0800)
18c0.2284:     FileDescription: Windows NT BASE API Client DLL
18c0.2284: \SystemRoot\System32\apisetschema.dll:
18c0.2284:     CreationTime:    2019-03-19T04:43:54.837151500Z
18c0.2284:     LastWriteTime:   2019-03-19T04:43:54.837151500Z
18c0.2284:     ChangeTime:      2019-11-14T16:05:49.339411400Z
18c0.2284:     FileAttributes:  0x20
18c0.2284:     Size:            0x1d028
18c0.2284:     NT Headers:      0xc8
18c0.2284:     Timestamp:       0xd6ced080
18c0.2284:     Machine:         0x8664 - amd64
18c0.2284:     Timestamp:       0xd6ced080
18c0.2284:     Image Version:   10.0
18c0.2284:     SizeOfImage:     0x1e000 (122880)
18c0.2284:     Resource Dir:    0x1d000 LB 0x408
18c0.2284:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
18c0.2284:     [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
18c0.2284:     ProductName:     Microsoft® Windows® Operating System
18c0.2284:     ProductVersion:  10.0.18362.1
18c0.2284:     FileVersion:     10.0.18362.1 (WinBuild.160101.0800)
18c0.2284:     FileDescription: ApiSet Schema DLL
18c0.2284: Found driver klkbdflt (0x40)
18c0.2284: Found driver klmouflt (0x40)
18c0.2284: Found driver KLIM6 (0x40)
18c0.2284: Found driver kneps (0x40)
18c0.2284: Found driver klflt (0x40)
18c0.2284: supR3HardenedWinFindAdversaries: 0x40
18c0.2284: \SystemRoot\System32\drivers\klflt.sys:
18c0.2284:     CreationTime:    2018-11-20T09:50:50.978328500Z
18c0.2284:     LastWriteTime:   2019-08-07T13:01:58.292832100Z
18c0.2284:     ChangeTime:      2019-09-02T18:03:17.094878400Z
18c0.2284:     FileAttributes:  0x20
18c0.2284:     Size:            0x39c80
18c0.2284:     NT Headers:      0xf8
18c0.2284:     Timestamp:       0x5d0ce55e
18c0.2284:     Machine:         0x8664 - amd64
18c0.2284:     Timestamp:       0x5d0ce55e
18c0.2284:     Image Version:   6.2
18c0.2284:     SizeOfImage:     0x47000 (290816)
18c0.2284:     Resource Dir:    0x44000 LB 0x420
18c0.2284:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
18c0.2284:     [Raw version resource data: 0x44060 LB 0x3c0, codepage 0x0 (reserved 0x0)]
18c0.2284:     ProductName:     System Interceptors PDK
18c0.2284:     ProductVersion:  15.1.244.0
18c0.2284:     FileVersion:     15.1.244.0
18c0.2284:     FileDescription: Filter Core [fre_win8_x64]
18c0.2284: \SystemRoot\System32\drivers\klif.sys:
18c0.2284:     CreationTime:    2018-11-20T09:50:50.982331000Z
18c0.2284:     LastWriteTime:   2019-08-07T13:01:58.766393500Z
18c0.2284:     ChangeTime:      2019-09-02T18:03:17.094878400Z
18c0.2284:     FileAttributes:  0x20
18c0.2284:     Size:            0x11d280
18c0.2284:     NT Headers:      0x108
18c0.2284:     Timestamp:       0x5d0ce567
18c0.2284:     Machine:         0x8664 - amd64
18c0.2284:     Timestamp:       0x5d0ce567
18c0.2284:     Image Version:   6.2
18c0.2284:     SizeOfImage:     0x121000 (1183744)
18c0.2284:     Resource Dir:    0x118000 LB 0x29a0
18c0.2284:     [Version info resource found at 0x150! (ID/Name: 0x1; SubID/SubName: 0x409)]
18c0.2284:     [Raw version resource data: 0x118618 LB 0x3d8, codepage 0x0 (reserved 0x0)]
18c0.2284:     ProductName:     System Interceptors PDK
18c0.2284:     ProductVersion:  15.1.244.0
18c0.2284:     FileVersion:     15.1.244.0
18c0.2284:     FileDescription: Core System Interceptors [fre_win8_x64]
18c0.2284: \SystemRoot\System32\drivers\klim6.sys:
18c0.2284:     CreationTime:    2018-02-12T03:17:16.000000000Z
18c0.2284:     LastWriteTime:   2019-04-15T10:39:11.262715200Z
18c0.2284:     ChangeTime:      2019-10-30T20:14:04.378005300Z
18c0.2284:     FileAttributes:  0x20
18c0.2284:     Size:            0xe550
18c0.2284:     NT Headers:      0xf0
18c0.2284:     Timestamp:       0x5c543766
18c0.2284:     Machine:         0x8664 - amd64
18c0.2284:     Timestamp:       0x5c543766
18c0.2284:     Image Version:   6.2
18c0.2284:     SizeOfImage:     0xb000 (45056)
18c0.2284:     Resource Dir:    0x9000 LB 0x438
18c0.2284:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
18c0.2284:     [Raw version resource data: 0x9060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
18c0.2284:     ProductName:     System Interceptors PDK
18c0.2284:     ProductVersion:  15.1.203.0
18c0.2284:     FileVersion:     15.1.203.0
18c0.2284:     FileDescription: Packet Network Filter [fre_win8_x64]
18c0.2284: \SystemRoot\System32\drivers\klkbdflt.sys:
18c0.2284:     CreationTime:    2018-11-20T09:50:50.988333100Z
18c0.2284:     LastWriteTime:   2019-04-15T10:40:00.034381700Z
18c0.2284:     ChangeTime:      2019-09-02T18:03:17.094878400Z
18c0.2284:     FileAttributes:  0x20
18c0.2284:     Size:            0xec78
18c0.2284:     NT Headers:      0xe8
18c0.2284:     Timestamp:       0x5c516e05
18c0.2284:     Machine:         0x8664 - amd64
18c0.2284:     Timestamp:       0x5c516e05
18c0.2284:     Image Version:   6.2
18c0.2284:     SizeOfImage:     0xd000 (53248)
18c0.2284:     Resource Dir:    0xb000 LB 0x440
18c0.2284:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
18c0.2284:     [Raw version resource data: 0xb060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
18c0.2284:     ProductName:     System Interceptors PDK
18c0.2284:     ProductVersion:  15.1.204.0
18c0.2284:     FileVersion:     15.1.204.0
18c0.2284:     FileDescription: Keyboard Device Filter [fre_win8_x64]
18c0.2284: \SystemRoot\System32\drivers\klmouflt.sys:
18c0.2284:     CreationTime:    2018-11-20T09:50:50.991334300Z
18c0.2284:     LastWriteTime:   2019-04-15T10:40:00.105316500Z
18c0.2284:     ChangeTime:      2019-09-02T18:03:17.094878400Z
18c0.2284:     FileAttributes:  0x20
18c0.2284:     Size:            0xed70
18c0.2284:     NT Headers:      0xd8
18c0.2284:     Timestamp:       0x5c4c6ef9
18c0.2284:     Machine:         0x8664 - amd64
18c0.2284:     Timestamp:       0x5c4c6ef9
18c0.2284:     Image Version:   6.2
18c0.2284:     SizeOfImage:     0xf000 (61440)
18c0.2284:     Resource Dir:    0xd000 LB 0x438
18c0.2284:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
18c0.2284:     [Raw version resource data: 0xd060 LB 0x3d8, codepage 0x0 (reserved 0x0)]
18c0.2284:     ProductName:     System Interceptors PDK
18c0.2284:     ProductVersion:  15.1.202.0
18c0.2284:     FileVersion:     15.1.202.0
18c0.2284:     FileDescription: Mouse Device Filter [fre_win8_x64]
18c0.2284: \SystemRoot\System32\drivers\kneps.sys:
18c0.2284:     CreationTime:    2018-11-20T09:50:51.023345600Z
18c0.2284:     LastWriteTime:   2019-04-15T10:40:00.763705300Z
18c0.2284:     ChangeTime:      2019-09-02T18:03:17.110503200Z
18c0.2284:     FileAttributes:  0x20
18c0.2284:     Size:            0x35480
18c0.2284:     NT Headers:      0xf8
18c0.2284:     Timestamp:       0x5c7e4b42
18c0.2284:     Machine:         0x8664 - amd64
18c0.2284:     Timestamp:       0x5c7e4b42
18c0.2284:     Image Version:   6.2
18c0.2284:     SizeOfImage:     0x33000 (208896)
18c0.2284:     Resource Dir:    0x30000 LB 0x430
18c0.2284:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
18c0.2284:     [Raw version resource data: 0x30060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
18c0.2284:     ProductName:     System Interceptors PDK
18c0.2284:     ProductVersion:  15.1.215.0
18c0.2284:     FileVersion:     15.1.215.0
18c0.2284:     FileDescription: Network Processor [fre_win8_x64]
18c0.2284: \SystemRoot\System32\klfphc.dll:
18c0.2284:     CreationTime:    2018-11-20T09:50:00.439136800Z
18c0.2284:     LastWriteTime:   2013-05-06T07:13:26.000000000Z
18c0.2284:     ChangeTime:      2019-09-02T18:03:16.860513700Z
18c0.2284:     FileAttributes:  0x2020
18c0.2284:     Size:            0x1ae60
18c0.2284:     NT Headers:      0xe8
18c0.2284:     Timestamp:       0x51873bf2
18c0.2284:     Machine:         0x8664 - amd64
18c0.2284:     Timestamp:       0x51873bf2
18c0.2284:     Image Version:   0.0
18c0.2284:     SizeOfImage:     0x1d000 (118784)
18c0.2284:     Resource Dir:    0x18000 LB 0x3c80
18c0.2284:     [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
18c0.2284:     [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
18c0.2284:     ProductName:     Kaspersky™ Anti-Virus ®
18c0.2284:     ProductVersion:  1.0.0.12
18c0.2284:     FileVersion:     1.0.0.12
18c0.2284:     FileDescription: Filtering Platform Helper Class
18c0.2284: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
18c0.2284: Calling main()
18c0.2284: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
18c0.2284: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
18c0.2284: SUPR3HardenedMain: Respawn #1
18c0.2284: System32:  \Device\HarddiskVolume2\Windows\System32
18c0.2284: WinSxS:    \Device\HarddiskVolume2\Windows\WinSxS
18c0.2284: KnownDllPath: C:\WINDOWS\System32
18c0.2284: supR3HardenedWinInit: Performing a limited self purification...
18c0.2284: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
18c0.2284:  *0000000000000000-0000000000d2ffff 0x0001/0x0000 0x0000000
18c0.2284:  *0000000000d30000-0000000000d3ffff 0x0004/0x0004 0x0040000
18c0.2284:   0000000000d40000-0000000000d4ffff 0x0001/0x0000 0x0000000
18c0.2284:  *0000000000d50000-0000000000d6afff 0x0002/0x0002 0x0040000
18c0.2284:   0000000000d6b000-0000000000d6ffff 0x0001/0x0000 0x0000000
18c0.2284:  *0000000000d70000-0000000000d73fff 0x0002/0x0002 0x0040000
18c0.2284:   0000000000d74000-0000000000d7ffff 0x0001/0x0000 0x0000000
18c0.2284:  *0000000000d80000-0000000000d81fff 0x0004/0x0004 0x0020000
18c0.2284:   0000000000d82000-0000000000d8ffff 0x0001/0x0000 0x0000000
18c0.2284:  *0000000000d90000-0000000000d91fff 0x0004/0x0004 0x0020000
18c0.2284:   0000000000d92000-0000000000da9fff 0x0000/0x0004 0x0020000
18c0.2284:   0000000000daa000-0000000000dfffff 0x0001/0x0000 0x0000000
18c0.2284:  *0000000000e00000-0000000000f32fff 0x0000/0x0004 0x0020000
18c0.2284:   0000000000f33000-0000000000f35fff 0x0004/0x0004 0x0020000
18c0.2284:   0000000000f36000-0000000000ffffff 0x0000/0x0004 0x0020000
18c0.2284:  *0000000001000000-00000000010b0fff 0x0000/0x0004 0x0020000
18c0.2284:   00000000010b1000-00000000010b3fff 0x0104/0x0004 0x0020000
18c0.2284:   00000000010b4000-00000000010fffff 0x0004/0x0004 0x0020000
18c0.2284:  *0000000001100000-00000000011c6fff 0x0002/0x0002 0x0040000
18c0.2284:   00000000011c7000-000000000122ffff 0x0001/0x0000 0x0000000
18c0.2284:  *0000000001230000-0000000001235fff 0x0004/0x0004 0x0020000
18c0.2284:   0000000001236000-000000000132ffff 0x0000/0x0004 0x0020000
18c0.2284:  *0000000001330000-000000000134cfff 0x0004/0x0004 0x0020000
18c0.2284:   000000000134d000-000000000142ffff 0x0000/0x0004 0x0020000
18c0.2284:   0000000001430000-00000000014dffff 0x0001/0x0000 0x0000000
18c0.2284:  *00000000014e0000-00000000014eefff 0x0004/0x0004 0x0020000
18c0.2284:   00000000014ef000-00000000014effff 0x0000/0x0004 0x0020000
18c0.2284:  *00000000014f0000-00000000014f2fff 0x0000/0x0004 0x0020000
18c0.2284:   00000000014f3000-00000000016e3fff 0x0004/0x0004 0x0020000
18c0.2284:   00000000016e4000-00000000016e4fff 0x0000/0x0004 0x0020000
18c0.2284:   00000000016e5000-000000007ffdffff 0x0001/0x0000 0x0000000
18c0.2284:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
18c0.2284:   000000007ffe1000-000000007ffedfff 0x0001/0x0000 0x0000000
18c0.2284:  *000000007ffee000-000000007ffeefff 0x0002/0x0002 0x0020000
18c0.2284:   000000007ffef000-00007ff4c6ecffff 0x0001/0x0000 0x0000000
18c0.2284:  *00007ff4c6ed0000-00007ff4c6ed4fff 0x0002/0x0002 0x0040000
18c0.2284:   00007ff4c6ed5000-00007ff4c6fcffff 0x0000/0x0002 0x0040000
18c0.2284:  *00007ff4c6fd0000-00007ff5c6feffff 0x0000/0x0004 0x0020000
18c0.2284:  *00007ff5c6ff0000-00007ff5c8feffff 0x0000/0x0004 0x0020000
18c0.2284:   00007ff5c8ff0000-00007ff5c8ff0fff 0x0004/0x0004 0x0020000
18c0.2284:   00007ff5c8ff1000-00007ff5c8ffffff 0x0001/0x0000 0x0000000
18c0.2284:  *00007ff5c9000000-00007ff5c9000fff 0x0002/0x0002 0x0040000
18c0.2284:   00007ff5c9001000-00007ff5c900ffff 0x0001/0x0000 0x0000000
18c0.2284:  *00007ff5c9010000-00007ff5c9032fff 0x0002/0x0002 0x0040000
18c0.2284:   00007ff5c9033000-00007ff6e359ffff 0x0001/0x0000 0x0000000
18c0.2284:  *00007ff6e35a0000-00007ff6e35a0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e35a1000-00007ff6e3615fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3616000-00007ff6e3616fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3617000-00007ff6e365efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e365f000-00007ff6e3661fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3662000-00007ff6e3664fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3665000-00007ff6e3667fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3668000-00007ff6e3668fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3669000-00007ff6e366afff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e366b000-00007ff6e366bfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e366c000-00007ff6e36b4fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e36b5000-00007ffedaeaffff 0x0001/0x0000 0x0000000
18c0.2284:  *00007ffedaeb0000-00007ffedaeb0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
18c0.2284:   00007ffedaeb1000-00007ffedafb5fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
18c0.2284:   00007ffedafb6000-00007ffedb117fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
18c0.2284:   00007ffedb118000-00007ffedb11bfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
18c0.2284:   00007ffedb11c000-00007ffedb11cfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
18c0.2284:   00007ffedb11d000-00007ffedb152fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
18c0.2284:   00007ffedb153000-00007ffedbd2ffff 0x0001/0x0000 0x0000000
18c0.2284:  *00007ffedbd30000-00007ffedbd30fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
18c0.2284:   00007ffedbd31000-00007ffedbda5fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
18c0.2284:   00007ffedbda6000-00007ffedbdd7fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
18c0.2284:   00007ffedbdd8000-00007ffedbdd8fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
18c0.2284:   00007ffedbdd9000-00007ffedbdd9fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
18c0.2284:   00007ffedbdda000-00007ffedbde1fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
18c0.2284:   00007ffedbde2000-00007ffedd9dffff 0x0001/0x0000 0x0000000
18c0.2284:  *00007ffedd9e0000-00007ffedd9e0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffedd9e1000-00007ffeddaf7fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddaf8000-00007ffeddb3efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddb3f000-00007ffeddb3ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddb40000-00007ffeddb41fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddb42000-00007ffeddb4afff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddb4b000-00007ffeddbcffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddbd0000-00007ffffffeffff 0x0001/0x0000 0x0000000
18c0.2284: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
18c0.2284: kernelbase.dll: timestamp 0x83c3d83a (rc=VINF_SUCCESS)
18c0.2284: VirtualBoxVM.exe: timestamp 0x5d9f7c37 (rc=VINF_SUCCESS)
18c0.2284: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
18c0.2284: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
18c0.2284: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
18c0.2284: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
18c0.2284: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
18c0.2284: supR3HardNtEnableThreadCreationEx:
18c0.2284: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffedda517f0 pvNtTerminateThread=00007ffedda7cb10
18c0.2284: supR3HardenedWinDoReSpawn(1): New child 15e8.2fc8 [kernel32].
18c0.2284: supR3HardNtChildGatherData: PebBaseAddress=0000000000abd000 cbPeb=0x388
18c0.2284: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffedd9e0000 uNtDllChildAddr=00007ffedd9e0000
18c0.2284: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffedda517f0
18c0.2284: supR3HardenedWinSetupChildInit: Start child.
18c0.2284: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
18c0.2284: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 55 sleeps
18c0.2284: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
18c0.2284:  *0000000000000000-000000000082ffff 0x0001/0x0000 0x0000000
18c0.2284:  *0000000000830000-000000000084ffff 0x0004/0x0004 0x0020000
18c0.2284:  *0000000000850000-000000000086afff 0x0002/0x0002 0x0040000
18c0.2284:   000000000086b000-000000000086ffff 0x0001/0x0000 0x0000000
18c0.2284:  *0000000000870000-000000000096afff 0x0000/0x0004 0x0020000
18c0.2284:   000000000096b000-000000000096dfff 0x0104/0x0004 0x0020000
18c0.2284:   000000000096e000-000000000096ffff 0x0004/0x0004 0x0020000
18c0.2284:  *0000000000970000-0000000000973fff 0x0002/0x0002 0x0040000
18c0.2284:   0000000000974000-000000000097ffff 0x0001/0x0000 0x0000000
18c0.2284:  *0000000000980000-0000000000981fff 0x0004/0x0004 0x0020000
18c0.2284:   0000000000982000-00000000009fffff 0x0001/0x0000 0x0000000
18c0.2284:  *0000000000a00000-0000000000abcfff 0x0000/0x0004 0x0020000
18c0.2284:   0000000000abd000-0000000000abffff 0x0004/0x0004 0x0020000
18c0.2284:   0000000000ac0000-0000000000bfffff 0x0000/0x0004 0x0020000
18c0.2284:   0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
18c0.2284:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
18c0.2284:   000000007ffe1000-000000007ffedfff 0x0001/0x0000 0x0000000
18c0.2284:  *000000007ffee000-000000007ffeefff 0x0002/0x0002 0x0020000
18c0.2284:   000000007ffef000-00007ff55582ffff 0x0001/0x0000 0x0000000
18c0.2284:  *00007ff555830000-00007ff555830fff 0x0002/0x0002 0x0040000
18c0.2284:   00007ff555831000-00007ff55583ffff 0x0001/0x0000 0x0000000
18c0.2284:  *00007ff555840000-00007ff555862fff 0x0002/0x0002 0x0040000
18c0.2284:   00007ff555863000-00007ff6e359ffff 0x0001/0x0000 0x0000000
18c0.2284:  *00007ff6e35a0000-00007ff6e35a0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e35a1000-00007ff6e3615fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3616000-00007ff6e3616fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3617000-00007ff6e365efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e365f000-00007ff6e365ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3660000-00007ff6e3660fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3661000-00007ff6e3665fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3666000-00007ff6e3666fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3667000-00007ff6e3667fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e3668000-00007ff6e366bfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e366c000-00007ff6e36b4fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
18c0.2284:   00007ff6e36b5000-00007ffedd9dffff 0x0001/0x0000 0x0000000
18c0.2284:  *00007ffedd9e0000-00007ffedd9e0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffedd9e1000-00007ffeddaf7fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddaf8000-00007ffeddb3efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddb3f000-00007ffeddb4afff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddb4b000-00007ffeddb59fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddb5a000-00007ffeddb5afff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddb5b000-00007ffeddb5dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddb5e000-00007ffeddbcffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
18c0.2284:   00007ffeddbd0000-00007ffffffeffff 0x0001/0x0000 0x0000000
18c0.2284: supR3HardNtChildPurify: Done after 522 ms and 0 fixes (loop #0).
15e8.2fc8: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
15e8.2fc8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffedd9e0000 g_uNtVerCombined=0xa047bb00
15e8.2fc8: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
15e8.2fc8: New simple heap: #1 0000000000d00000 LB 0x400000 (for 2031616 allocation)
18c0.2284: supR3HardNtEnableThreadCreationEx:
15e8.2fc8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
15e8.2fc8: System32:  \Device\HarddiskVolume2\Windows\System32
15e8.2fc8: WinSxS:    \Device\HarddiskVolume2\Windows\WinSxS
15e8.2fc8: KnownDllPath: C:\WINDOWS\System32
15e8.2fc8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
15e8.2fc8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
15e8.2fc8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
15e8.2fc8: Registered Dll notification callback with NTDLL.
15e8.2fc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
15e8.2fc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
15e8.2fc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
15e8.2fc8: supR3HardenedDllNotificationCallback: load   00007ffedaeb0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
15e8.2fc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
15e8.2fc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
15e8.2fc8: supR3HardenedDllNotificationCallback: load   00007ffedbd30000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
15e8.2fc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
15e8.2fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedbd30000 'C:\WINDOWS\System32\KERNEL32.DLL'
15e8.2fc8: supR3HardenedDllNotificationCallback: load   00007ff6e35a0000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
15e8.2fc8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
15e8.2fc8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
15e8.2fc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffedda517f0 pvNtTerminateThread=00007ffedda7cb10
18c0.2284: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 218 ms.
15e8.2fc8: \SystemRoot\System32\ntdll.dll:
15e8.2fc8:     CreationTime:    2019-10-10T14:11:58.713323600Z
15e8.2fc8:     LastWriteTime:   2019-10-10T14:11:58.802238300Z
15e8.2fc8:     ChangeTime:      2019-11-14T16:05:50.146664100Z
15e8.2fc8:     FileAttributes:  0x20
15e8.2fc8:     Size:            0x1e8528
15e8.2fc8:     NT Headers:      0xd8
15e8.2fc8:     Timestamp:       0x99ca0526
15e8.2fc8:     Machine:         0x8664 - amd64
15e8.2fc8:     Timestamp:       0x99ca0526
15e8.2fc8:     Image Version:   10.0
15e8.2fc8:     SizeOfImage:     0x1f0000 (2031616)
15e8.2fc8:     Resource Dir:    0x17f000 LB 0x6f310
15e8.2fc8:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
15e8.2fc8:     [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
15e8.2fc8:     ProductName:     Microsoft® Windows® Operating System
15e8.2fc8:     ProductVersion:  10.0.18362.418
15e8.2fc8:     FileVersion:     10.0.18362.418 (WinBuild.160101.0800)
15e8.2fc8:     FileDescription: NT Layer DLL
15e8.2fc8: \SystemRoot\System32\kernel32.dll:
15e8.2fc8:     CreationTime:    2019-09-13T19:37:38.549674400Z
15e8.2fc8:     LastWriteTime:   2019-09-13T19:37:38.586602800Z
15e8.2fc8:     ChangeTime:      2019-11-14T16:05:49.709071400Z
15e8.2fc8:     FileAttributes:  0x20
15e8.2fc8:     Size:            0xb0570
15e8.2fc8:     NT Headers:      0xe8
15e8.2fc8:     Timestamp:       0xd0cecc10
15e8.2fc8:     Machine:         0x8664 - amd64
15e8.2fc8:     Timestamp:       0xd0cecc10
15e8.2fc8:     Image Version:   10.0
15e8.2fc8:     SizeOfImage:     0xb2000 (729088)
15e8.2fc8:     Resource Dir:    0xb0000 LB 0x520
15e8.2fc8:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15e8.2fc8:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
15e8.2fc8:     ProductName:     Microsoft® Windows® Operating System
15e8.2fc8:     ProductVersion:  10.0.18362.329
15e8.2fc8:     FileVersion:     10.0.18362.329 (WinBuild.160101.0800)
15e8.2fc8:     FileDescription: Windows NT BASE API Client DLL
15e8.2fc8: \SystemRoot\System32\KernelBase.dll:
15e8.2fc8:     CreationTime:    2019-11-14T16:03:37.286662400Z
15e8.2fc8:     LastWriteTime:   2019-11-14T16:03:37.415540100Z
15e8.2fc8:     ChangeTime:      2019-11-14T19:08:57.586841900Z
15e8.2fc8:     FileAttributes:  0x20
15e8.2fc8:     Size:            0x2a2908
15e8.2fc8:     NT Headers:      0xf0
15e8.2fc8:     Timestamp:       0x83c3d83a
15e8.2fc8:     Machine:         0x8664 - amd64
15e8.2fc8:     Timestamp:       0x83c3d83a
15e8.2fc8:     Image Version:   10.0
15e8.2fc8:     SizeOfImage:     0x2a3000 (2764800)
15e8.2fc8:     Resource Dir:    0x27d000 LB 0x548
15e8.2fc8:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15e8.2fc8:     [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
15e8.2fc8:     ProductName:     Microsoft® Windows® Operating System
15e8.2fc8:     ProductVersion:  10.0.18362.476
15e8.2fc8:     FileVersion:     10.0.18362.476 (WinBuild.160101.0800)
15e8.2fc8:     FileDescription: Windows NT BASE API Client DLL
15e8.2fc8: \SystemRoot\System32\apisetschema.dll:
15e8.2fc8:     CreationTime:    2019-03-19T04:43:54.837151500Z
15e8.2fc8:     LastWriteTime:   2019-03-19T04:43:54.837151500Z
15e8.2fc8:     ChangeTime:      2019-11-14T16:05:49.339411400Z
15e8.2fc8:     FileAttributes:  0x20
15e8.2fc8:     Size:            0x1d028
15e8.2fc8:     NT Headers:      0xc8
15e8.2fc8:     Timestamp:       0xd6ced080
15e8.2fc8:     Machine:         0x8664 - amd64
15e8.2fc8:     Timestamp:       0xd6ced080
15e8.2fc8:     Image Version:   10.0
15e8.2fc8:     SizeOfImage:     0x1e000 (122880)
15e8.2fc8:     Resource Dir:    0x1d000 LB 0x408
15e8.2fc8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15e8.2fc8:     [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
15e8.2fc8:     ProductName:     Microsoft® Windows® Operating System
15e8.2fc8:     ProductVersion:  10.0.18362.1
15e8.2fc8:     FileVersion:     10.0.18362.1 (WinBuild.160101.0800)
15e8.2fc8:     FileDescription: ApiSet Schema DLL
15e8.2fc8: Found driver klkbdflt (0x40)
15e8.2fc8: Found driver klmouflt (0x40)
15e8.2fc8: Found driver KLIM6 (0x40)
15e8.2fc8: Found driver kneps (0x40)
15e8.2fc8: Found driver klflt (0x40)
15e8.2fc8: supR3HardenedWinFindAdversaries: 0x40
15e8.2fc8: \SystemRoot\System32\drivers\klflt.sys:
15e8.2fc8:     CreationTime:    2018-11-20T09:50:50.978328500Z
15e8.2fc8:     LastWriteTime:   2019-08-07T13:01:58.292832100Z
15e8.2fc8:     ChangeTime:      2019-09-02T18:03:17.094878400Z
15e8.2fc8:     FileAttributes:  0x20
15e8.2fc8:     Size:            0x39c80
15e8.2fc8:     NT Headers:      0xf8
15e8.2fc8:     Timestamp:       0x5d0ce55e
15e8.2fc8:     Machine:         0x8664 - amd64
15e8.2fc8:     Timestamp:       0x5d0ce55e
15e8.2fc8:     Image Version:   6.2
15e8.2fc8:     SizeOfImage:     0x47000 (290816)
15e8.2fc8:     Resource Dir:    0x44000 LB 0x420
15e8.2fc8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15e8.2fc8:     [Raw version resource data: 0x44060 LB 0x3c0, codepage 0x0 (reserved 0x0)]
15e8.2fc8:     ProductName:     System Interceptors PDK
15e8.2fc8:     ProductVersion:  15.1.244.0
15e8.2fc8:     FileVersion:     15.1.244.0
15e8.2fc8:     FileDescription: Filter Core [fre_win8_x64]
15e8.2fc8: \SystemRoot\System32\drivers\klif.sys:
15e8.2fc8:     CreationTime:    2018-11-20T09:50:50.982331000Z
15e8.2fc8:     LastWriteTime:   2019-08-07T13:01:58.766393500Z
15e8.2fc8:     ChangeTime:      2019-09-02T18:03:17.094878400Z
15e8.2fc8:     FileAttributes:  0x20
15e8.2fc8:     Size:            0x11d280
15e8.2fc8:     NT Headers:      0x108
15e8.2fc8:     Timestamp:       0x5d0ce567
15e8.2fc8:     Machine:         0x8664 - amd64
15e8.2fc8:     Timestamp:       0x5d0ce567
15e8.2fc8:     Image Version:   6.2
15e8.2fc8:     SizeOfImage:     0x121000 (1183744)
15e8.2fc8:     Resource Dir:    0x118000 LB 0x29a0
15e8.2fc8:     [Version info resource found at 0x150! (ID/Name: 0x1; SubID/SubName: 0x409)]
15e8.2fc8:     [Raw version resource data: 0x118618 LB 0x3d8, codepage 0x0 (reserved 0x0)]
15e8.2fc8:     ProductName:     System Interceptors PDK
15e8.2fc8:     ProductVersion:  15.1.244.0
15e8.2fc8:     FileVersion:     15.1.244.0
15e8.2fc8:     FileDescription: Core System Interceptors [fre_win8_x64]
15e8.2fc8: \SystemRoot\System32\drivers\klim6.sys:
15e8.2fc8:     CreationTime:    2018-02-12T03:17:16.000000000Z
15e8.2fc8:     LastWriteTime:   2019-04-15T10:39:11.262715200Z
15e8.2fc8:     ChangeTime:      2019-10-30T20:14:04.378005300Z
15e8.2fc8:     FileAttributes:  0x20
15e8.2fc8:     Size:            0xe550
15e8.2fc8:     NT Headers:      0xf0
15e8.2fc8:     Timestamp:       0x5c543766
15e8.2fc8:     Machine:         0x8664 - amd64
15e8.2fc8:     Timestamp:       0x5c543766
15e8.2fc8:     Image Version:   6.2
15e8.2fc8:     SizeOfImage:     0xb000 (45056)
15e8.2fc8:     Resource Dir:    0x9000 LB 0x438
15e8.2fc8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15e8.2fc8:     [Raw version resource data: 0x9060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
15e8.2fc8:     ProductName:     System Interceptors PDK
15e8.2fc8:     ProductVersion:  15.1.203.0
15e8.2fc8:     FileVersion:     15.1.203.0
15e8.2fc8:     FileDescription: Packet Network Filter [fre_win8_x64]
15e8.2fc8: \SystemRoot\System32\drivers\klkbdflt.sys:
15e8.2fc8:     CreationTime:    2018-11-20T09:50:50.988333100Z
15e8.2fc8:     LastWriteTime:   2019-04-15T10:40:00.034381700Z
15e8.2fc8:     ChangeTime:      2019-09-02T18:03:17.094878400Z
15e8.2fc8:     FileAttributes:  0x20
15e8.2fc8:     Size:            0xec78
15e8.2fc8:     NT Headers:      0xe8
15e8.2fc8:     Timestamp:       0x5c516e05
15e8.2fc8:     Machine:         0x8664 - amd64
15e8.2fc8:     Timestamp:       0x5c516e05
15e8.2fc8:     Image Version:   6.2
15e8.2fc8:     SizeOfImage:     0xd000 (53248)
15e8.2fc8:     Resource Dir:    0xb000 LB 0x440
15e8.2fc8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15e8.2fc8:     [Raw version resource data: 0xb060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
15e8.2fc8:     ProductName:     System Interceptors PDK
15e8.2fc8:     ProductVersion:  15.1.204.0
15e8.2fc8:     FileVersion:     15.1.204.0
15e8.2fc8:     FileDescription: Keyboard Device Filter [fre_win8_x64]
15e8.2fc8: \SystemRoot\System32\drivers\klmouflt.sys:
15e8.2fc8:     CreationTime:    2018-11-20T09:50:50.991334300Z
15e8.2fc8:     LastWriteTime:   2019-04-15T10:40:00.105316500Z
15e8.2fc8:     ChangeTime:      2019-09-02T18:03:17.094878400Z
15e8.2fc8:     FileAttributes:  0x20
15e8.2fc8:     Size:            0xed70
15e8.2fc8:     NT Headers:      0xd8
15e8.2fc8:     Timestamp:       0x5c4c6ef9
15e8.2fc8:     Machine:         0x8664 - amd64
15e8.2fc8:     Timestamp:       0x5c4c6ef9
15e8.2fc8:     Image Version:   6.2
15e8.2fc8:     SizeOfImage:     0xf000 (61440)
15e8.2fc8:     Resource Dir:    0xd000 LB 0x438
15e8.2fc8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15e8.2fc8:     [Raw version resource data: 0xd060 LB 0x3d8, codepage 0x0 (reserved 0x0)]
15e8.2fc8:     ProductName:     System Interceptors PDK
15e8.2fc8:     ProductVersion:  15.1.202.0
15e8.2fc8:     FileVersion:     15.1.202.0
15e8.2fc8:     FileDescription: Mouse Device Filter [fre_win8_x64]
15e8.2fc8: \SystemRoot\System32\drivers\kneps.sys:
15e8.2fc8:     CreationTime:    2018-11-20T09:50:51.023345600Z
15e8.2fc8:     LastWriteTime:   2019-04-15T10:40:00.763705300Z
15e8.2fc8:     ChangeTime:      2019-09-02T18:03:17.110503200Z
15e8.2fc8:     FileAttributes:  0x20
15e8.2fc8:     Size:            0x35480
15e8.2fc8:     NT Headers:      0xf8
15e8.2fc8:     Timestamp:       0x5c7e4b42
15e8.2fc8:     Machine:         0x8664 - amd64
15e8.2fc8:     Timestamp:       0x5c7e4b42
15e8.2fc8:     Image Version:   6.2
15e8.2fc8:     SizeOfImage:     0x33000 (208896)
15e8.2fc8:     Resource Dir:    0x30000 LB 0x430
15e8.2fc8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15e8.2fc8:     [Raw version resource data: 0x30060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
15e8.2fc8:     ProductName:     System Interceptors PDK
15e8.2fc8:     ProductVersion:  15.1.215.0
15e8.2fc8:     FileVersion:     15.1.215.0
15e8.2fc8:     FileDescription: Network Processor [fre_win8_x64]
15e8.2fc8: \SystemRoot\System32\klfphc.dll:
15e8.2fc8:     CreationTime:    2018-11-20T09:50:00.439136800Z
15e8.2fc8:     LastWriteTime:   2013-05-06T07:13:26.000000000Z
15e8.2fc8:     ChangeTime:      2019-09-02T18:03:16.860513700Z
15e8.2fc8:     FileAttributes:  0x2020
15e8.2fc8:     Size:            0x1ae60
15e8.2fc8:     NT Headers:      0xe8
15e8.2fc8:     Timestamp:       0x51873bf2
15e8.2fc8:     Machine:         0x8664 - amd64
15e8.2fc8:     Timestamp:       0x51873bf2
15e8.2fc8:     Image Version:   0.0
15e8.2fc8:     SizeOfImage:     0x1d000 (118784)
15e8.2fc8:     Resource Dir:    0x18000 LB 0x3c80
15e8.2fc8:     [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
15e8.2fc8:     [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
15e8.2fc8:     ProductName:     Kaspersky™ Anti-Virus ®
15e8.2fc8:     ProductVersion:  1.0.0.12
15e8.2fc8:     FileVersion:     1.0.0.12
15e8.2fc8:     FileDescription: Filtering Platform Helper Class
15e8.2fc8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
15e8.2fc8: Calling main()
15e8.2fc8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
15e8.2fc8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
15e8.2fc8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
15e8.2fc8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
15e8.2fc8: SUPR3HardenedMain: Respawn #2
15e8.2fc8: supR3HardNtEnableThreadCreationEx:
15e8.2fc8: supR3HardenedDllNotificationCallback: load   00007ffedbab0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
15e8.2fc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
15e8.2fc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
15e8.2fc8: supR3HardenedDllNotificationCallback: load   00007ffedcac0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
15e8.2fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
15e8.2fc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
15e8.2fc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
15e8.2fc8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
15e8.2fc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
15e8.2fc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
15e8.2fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15e8.2fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15e8.2fc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
15e8.2fc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15e8.2fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedd9e0000 'C:\WINDOWS\System32\ntdll.dll'
15e8.2fc8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffedda517f0 pvNtTerminateThread=00007ffedda7cb10
15e8.2fc8: supR3HardenedWinDoReSpawn(2): New child 506c.5344 [kernel32].
15e8.2fc8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
15e8.2fc8: supR3HardNtChildGatherData: PebBaseAddress=00000000010d5000 cbPeb=0x388
15e8.2fc8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffedd9e0000 uNtDllChildAddr=00007ffedd9e0000
15e8.2fc8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffedda517f0
15e8.2fc8: supR3HardenedWinSetupChildInit: Start child.
15e8.2fc8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
15e8.2fc8: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 56 sleeps
15e8.2fc8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
15e8.2fc8:  *0000000000000000-0000000000e1ffff 0x0001/0x0000 0x0000000
15e8.2fc8:  *0000000000e20000-0000000000e3ffff 0x0004/0x0004 0x0020000
15e8.2fc8:  *0000000000e40000-0000000000e5afff 0x0002/0x0002 0x0040000
15e8.2fc8:   0000000000e5b000-0000000000e5ffff 0x0001/0x0000 0x0000000
15e8.2fc8:  *0000000000e60000-0000000000f5afff 0x0000/0x0004 0x0020000
15e8.2fc8:   0000000000f5b000-0000000000f5dfff 0x0104/0x0004 0x0020000
15e8.2fc8:   0000000000f5e000-0000000000f5ffff 0x0004/0x0004 0x0020000
15e8.2fc8:  *0000000000f60000-0000000000f63fff 0x0002/0x0002 0x0040000
15e8.2fc8:   0000000000f64000-0000000000f6ffff 0x0001/0x0000 0x0000000
15e8.2fc8:  *0000000000f70000-0000000000f71fff 0x0004/0x0004 0x0020000
15e8.2fc8:   0000000000f72000-0000000000ffffff 0x0001/0x0000 0x0000000
15e8.2fc8:  *0000000001000000-00000000010d4fff 0x0000/0x0004 0x0020000
15e8.2fc8:   00000000010d5000-00000000010d7fff 0x0004/0x0004 0x0020000
15e8.2fc8:   00000000010d8000-00000000011fffff 0x0000/0x0004 0x0020000
15e8.2fc8:   0000000001200000-000000007ffdffff 0x0001/0x0000 0x0000000
15e8.2fc8:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
15e8.2fc8:   000000007ffe1000-000000007ffedfff 0x0001/0x0000 0x0000000
15e8.2fc8:  *000000007ffee000-000000007ffeefff 0x0002/0x0002 0x0020000
15e8.2fc8:   000000007ffef000-00007ff567acffff 0x0001/0x0000 0x0000000
15e8.2fc8:  *00007ff567ad0000-00007ff567ad0fff 0x0002/0x0002 0x0040000
15e8.2fc8:   00007ff567ad1000-00007ff567adffff 0x0001/0x0000 0x0000000
15e8.2fc8:  *00007ff567ae0000-00007ff567b02fff 0x0002/0x0002 0x0040000
15e8.2fc8:   00007ff567b03000-00007ff6e359ffff 0x0001/0x0000 0x0000000
15e8.2fc8:  *00007ff6e35a0000-00007ff6e35a0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8:   00007ff6e35a1000-00007ff6e3615fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8:   00007ff6e3616000-00007ff6e3616fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8:   00007ff6e3617000-00007ff6e365efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8:   00007ff6e365f000-00007ff6e365ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8:   00007ff6e3660000-00007ff6e3660fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8:   00007ff6e3661000-00007ff6e3665fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8:   00007ff6e3666000-00007ff6e3666fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8:   00007ff6e3667000-00007ff6e3667fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8:   00007ff6e3668000-00007ff6e366bfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8:   00007ff6e366c000-00007ff6e36b4fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15e8.2fc8:   00007ff6e36b5000-00007ffedd9dffff 0x0001/0x0000 0x0000000
15e8.2fc8:  *00007ffedd9e0000-00007ffedd9e0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
15e8.2fc8:   00007ffedd9e1000-00007ffeddaf7fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
15e8.2fc8:   00007ffeddaf8000-00007ffeddb3efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
15e8.2fc8:   00007ffeddb3f000-00007ffeddb4afff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
15e8.2fc8:   00007ffeddb4b000-00007ffeddb59fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
15e8.2fc8:   00007ffeddb5a000-00007ffeddb5afff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
15e8.2fc8:   00007ffeddb5b000-00007ffeddb5dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
15e8.2fc8:   00007ffeddb5e000-00007ffeddbcffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
15e8.2fc8:   00007ffeddbd0000-00007ffffffeffff 0x0001/0x0000 0x0000000
15e8.2fc8: VirtualBoxVM.exe: timestamp 0x5d9f7c37 (rc=VINF_SUCCESS)
15e8.2fc8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
15e8.2fc8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
15e8.2fc8: supR3HardNtChildPurify: Done after 593 ms and 0 fixes (loop #0).
506c.5344: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
506c.5344: supR3HardenedVmProcessInit: uNtDllAddr=00007ffedd9e0000 g_uNtVerCombined=0xa047bb00
506c.5344: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
506c.5344: New simple heap: #1 0000000001300000 LB 0x400000 (for 2031616 allocation)
15e8.2fc8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d00000 LB 0x400000)
15e8.2fc8: supR3HardNtEnableThreadCreationEx:
506c.5344: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
506c.5344: System32:  \Device\HarddiskVolume2\Windows\System32
506c.5344: WinSxS:    \Device\HarddiskVolume2\Windows\WinSxS
506c.5344: KnownDllPath: C:\WINDOWS\System32
506c.5344: supR3HardenedVmProcessInit: Opening vboxdrv...
506c.5344: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
506c.5344: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
506c.5344: Registered Dll notification callback with NTDLL.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedaeb0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedbd30000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedbd30000 'C:\WINDOWS\System32\KERNEL32.DLL'
506c.5344: supR3HardenedDllNotificationCallback: load   00007ff6e35a0000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
506c.5344: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
506c.5344: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
506c.5344: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffedda517f0 pvNtTerminateThread=00007ffedda7cb10
15e8.2fc8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 448 ms.
506c.5344: \SystemRoot\System32\ntdll.dll:
506c.5344:     CreationTime:    2019-10-10T14:11:58.713323600Z
506c.5344:     LastWriteTime:   2019-10-10T14:11:58.802238300Z
506c.5344:     ChangeTime:      2019-11-14T16:05:50.146664100Z
506c.5344:     FileAttributes:  0x20
506c.5344:     Size:            0x1e8528
506c.5344:     NT Headers:      0xd8
506c.5344:     Timestamp:       0x99ca0526
506c.5344:     Machine:         0x8664 - amd64
506c.5344:     Timestamp:       0x99ca0526
506c.5344:     Image Version:   10.0
506c.5344:     SizeOfImage:     0x1f0000 (2031616)
506c.5344:     Resource Dir:    0x17f000 LB 0x6f310
506c.5344:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
506c.5344:     [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
506c.5344:     ProductName:     Microsoft® Windows® Operating System
506c.5344:     ProductVersion:  10.0.18362.418
506c.5344:     FileVersion:     10.0.18362.418 (WinBuild.160101.0800)
506c.5344:     FileDescription: NT Layer DLL
506c.5344: \SystemRoot\System32\kernel32.dll:
506c.5344:     CreationTime:    2019-09-13T19:37:38.549674400Z
506c.5344:     LastWriteTime:   2019-09-13T19:37:38.586602800Z
506c.5344:     ChangeTime:      2019-11-14T16:05:49.709071400Z
506c.5344:     FileAttributes:  0x20
506c.5344:     Size:            0xb0570
506c.5344:     NT Headers:      0xe8
506c.5344:     Timestamp:       0xd0cecc10
506c.5344:     Machine:         0x8664 - amd64
506c.5344:     Timestamp:       0xd0cecc10
506c.5344:     Image Version:   10.0
506c.5344:     SizeOfImage:     0xb2000 (729088)
506c.5344:     Resource Dir:    0xb0000 LB 0x520
506c.5344:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
506c.5344:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
506c.5344:     ProductName:     Microsoft® Windows® Operating System
506c.5344:     ProductVersion:  10.0.18362.329
506c.5344:     FileVersion:     10.0.18362.329 (WinBuild.160101.0800)
506c.5344:     FileDescription: Windows NT BASE API Client DLL
506c.5344: \SystemRoot\System32\KernelBase.dll:
506c.5344:     CreationTime:    2019-11-14T16:03:37.286662400Z
506c.5344:     LastWriteTime:   2019-11-14T16:03:37.415540100Z
506c.5344:     ChangeTime:      2019-11-14T19:08:57.586841900Z
506c.5344:     FileAttributes:  0x20
506c.5344:     Size:            0x2a2908
506c.5344:     NT Headers:      0xf0
506c.5344:     Timestamp:       0x83c3d83a
506c.5344:     Machine:         0x8664 - amd64
506c.5344:     Timestamp:       0x83c3d83a
506c.5344:     Image Version:   10.0
506c.5344:     SizeOfImage:     0x2a3000 (2764800)
506c.5344:     Resource Dir:    0x27d000 LB 0x548
506c.5344:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
506c.5344:     [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
506c.5344:     ProductName:     Microsoft® Windows® Operating System
506c.5344:     ProductVersion:  10.0.18362.476
506c.5344:     FileVersion:     10.0.18362.476 (WinBuild.160101.0800)
506c.5344:     FileDescription: Windows NT BASE API Client DLL
506c.5344: \SystemRoot\System32\apisetschema.dll:
506c.5344:     CreationTime:    2019-03-19T04:43:54.837151500Z
506c.5344:     LastWriteTime:   2019-03-19T04:43:54.837151500Z
506c.5344:     ChangeTime:      2019-11-14T16:05:49.339411400Z
506c.5344:     FileAttributes:  0x20
506c.5344:     Size:            0x1d028
506c.5344:     NT Headers:      0xc8
506c.5344:     Timestamp:       0xd6ced080
506c.5344:     Machine:         0x8664 - amd64
506c.5344:     Timestamp:       0xd6ced080
506c.5344:     Image Version:   10.0
506c.5344:     SizeOfImage:     0x1e000 (122880)
506c.5344:     Resource Dir:    0x1d000 LB 0x408
506c.5344:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
506c.5344:     [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
506c.5344:     ProductName:     Microsoft® Windows® Operating System
506c.5344:     ProductVersion:  10.0.18362.1
506c.5344:     FileVersion:     10.0.18362.1 (WinBuild.160101.0800)
506c.5344:     FileDescription: ApiSet Schema DLL
506c.5344: Found driver klkbdflt (0x40)
506c.5344: Found driver klmouflt (0x40)
506c.5344: Found driver KLIM6 (0x40)
506c.5344: Found driver kneps (0x40)
506c.5344: Found driver klflt (0x40)
506c.5344: supR3HardenedWinFindAdversaries: 0x40
506c.5344: \SystemRoot\System32\drivers\klflt.sys:
506c.5344:     CreationTime:    2018-11-20T09:50:50.978328500Z
506c.5344:     LastWriteTime:   2019-08-07T13:01:58.292832100Z
506c.5344:     ChangeTime:      2019-09-02T18:03:17.094878400Z
506c.5344:     FileAttributes:  0x20
506c.5344:     Size:            0x39c80
506c.5344:     NT Headers:      0xf8
506c.5344:     Timestamp:       0x5d0ce55e
506c.5344:     Machine:         0x8664 - amd64
506c.5344:     Timestamp:       0x5d0ce55e
506c.5344:     Image Version:   6.2
506c.5344:     SizeOfImage:     0x47000 (290816)
506c.5344:     Resource Dir:    0x44000 LB 0x420
506c.5344:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
506c.5344:     [Raw version resource data: 0x44060 LB 0x3c0, codepage 0x0 (reserved 0x0)]
506c.5344:     ProductName:     System Interceptors PDK
506c.5344:     ProductVersion:  15.1.244.0
506c.5344:     FileVersion:     15.1.244.0
506c.5344:     FileDescription: Filter Core [fre_win8_x64]
506c.5344: \SystemRoot\System32\drivers\klif.sys:
506c.5344:     CreationTime:    2018-11-20T09:50:50.982331000Z
506c.5344:     LastWriteTime:   2019-08-07T13:01:58.766393500Z
506c.5344:     ChangeTime:      2019-09-02T18:03:17.094878400Z
506c.5344:     FileAttributes:  0x20
506c.5344:     Size:            0x11d280
506c.5344:     NT Headers:      0x108
506c.5344:     Timestamp:       0x5d0ce567
506c.5344:     Machine:         0x8664 - amd64
506c.5344:     Timestamp:       0x5d0ce567
506c.5344:     Image Version:   6.2
506c.5344:     SizeOfImage:     0x121000 (1183744)
506c.5344:     Resource Dir:    0x118000 LB 0x29a0
506c.5344:     [Version info resource found at 0x150! (ID/Name: 0x1; SubID/SubName: 0x409)]
506c.5344:     [Raw version resource data: 0x118618 LB 0x3d8, codepage 0x0 (reserved 0x0)]
506c.5344:     ProductName:     System Interceptors PDK
506c.5344:     ProductVersion:  15.1.244.0
506c.5344:     FileVersion:     15.1.244.0
506c.5344:     FileDescription: Core System Interceptors [fre_win8_x64]
506c.5344: \SystemRoot\System32\drivers\klim6.sys:
506c.5344:     CreationTime:    2018-02-12T03:17:16.000000000Z
506c.5344:     LastWriteTime:   2019-04-15T10:39:11.262715200Z
506c.5344:     ChangeTime:      2019-10-30T20:14:04.378005300Z
506c.5344:     FileAttributes:  0x20
506c.5344:     Size:            0xe550
506c.5344:     NT Headers:      0xf0
506c.5344:     Timestamp:       0x5c543766
506c.5344:     Machine:         0x8664 - amd64
506c.5344:     Timestamp:       0x5c543766
506c.5344:     Image Version:   6.2
506c.5344:     SizeOfImage:     0xb000 (45056)
506c.5344:     Resource Dir:    0x9000 LB 0x438
506c.5344:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
506c.5344:     [Raw version resource data: 0x9060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
506c.5344:     ProductName:     System Interceptors PDK
506c.5344:     ProductVersion:  15.1.203.0
506c.5344:     FileVersion:     15.1.203.0
506c.5344:     FileDescription: Packet Network Filter [fre_win8_x64]
506c.5344: \SystemRoot\System32\drivers\klkbdflt.sys:
506c.5344:     CreationTime:    2018-11-20T09:50:50.988333100Z
506c.5344:     LastWriteTime:   2019-04-15T10:40:00.034381700Z
506c.5344:     ChangeTime:      2019-09-02T18:03:17.094878400Z
506c.5344:     FileAttributes:  0x20
506c.5344:     Size:            0xec78
506c.5344:     NT Headers:      0xe8
506c.5344:     Timestamp:       0x5c516e05
506c.5344:     Machine:         0x8664 - amd64
506c.5344:     Timestamp:       0x5c516e05
506c.5344:     Image Version:   6.2
506c.5344:     SizeOfImage:     0xd000 (53248)
506c.5344:     Resource Dir:    0xb000 LB 0x440
506c.5344:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
506c.5344:     [Raw version resource data: 0xb060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
506c.5344:     ProductName:     System Interceptors PDK
506c.5344:     ProductVersion:  15.1.204.0
506c.5344:     FileVersion:     15.1.204.0
506c.5344:     FileDescription: Keyboard Device Filter [fre_win8_x64]
506c.5344: \SystemRoot\System32\drivers\klmouflt.sys:
506c.5344:     CreationTime:    2018-11-20T09:50:50.991334300Z
506c.5344:     LastWriteTime:   2019-04-15T10:40:00.105316500Z
506c.5344:     ChangeTime:      2019-09-02T18:03:17.094878400Z
506c.5344:     FileAttributes:  0x20
506c.5344:     Size:            0xed70
506c.5344:     NT Headers:      0xd8
506c.5344:     Timestamp:       0x5c4c6ef9
506c.5344:     Machine:         0x8664 - amd64
506c.5344:     Timestamp:       0x5c4c6ef9
506c.5344:     Image Version:   6.2
506c.5344:     SizeOfImage:     0xf000 (61440)
506c.5344:     Resource Dir:    0xd000 LB 0x438
506c.5344:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
506c.5344:     [Raw version resource data: 0xd060 LB 0x3d8, codepage 0x0 (reserved 0x0)]
506c.5344:     ProductName:     System Interceptors PDK
506c.5344:     ProductVersion:  15.1.202.0
506c.5344:     FileVersion:     15.1.202.0
506c.5344:     FileDescription: Mouse Device Filter [fre_win8_x64]
506c.5344: \SystemRoot\System32\drivers\kneps.sys:
506c.5344:     CreationTime:    2018-11-20T09:50:51.023345600Z
506c.5344:     LastWriteTime:   2019-04-15T10:40:00.763705300Z
506c.5344:     ChangeTime:      2019-09-02T18:03:17.110503200Z
506c.5344:     FileAttributes:  0x20
506c.5344:     Size:            0x35480
506c.5344:     NT Headers:      0xf8
506c.5344:     Timestamp:       0x5c7e4b42
506c.5344:     Machine:         0x8664 - amd64
506c.5344:     Timestamp:       0x5c7e4b42
506c.5344:     Image Version:   6.2
506c.5344:     SizeOfImage:     0x33000 (208896)
506c.5344:     Resource Dir:    0x30000 LB 0x430
506c.5344:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
506c.5344:     [Raw version resource data: 0x30060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
506c.5344:     ProductName:     System Interceptors PDK
506c.5344:     ProductVersion:  15.1.215.0
506c.5344:     FileVersion:     15.1.215.0
506c.5344:     FileDescription: Network Processor [fre_win8_x64]
506c.5344: \SystemRoot\System32\klfphc.dll:
506c.5344:     CreationTime:    2018-11-20T09:50:00.439136800Z
506c.5344:     LastWriteTime:   2013-05-06T07:13:26.000000000Z
506c.5344:     ChangeTime:      2019-09-02T18:03:16.860513700Z
506c.5344:     FileAttributes:  0x2020
506c.5344:     Size:            0x1ae60
506c.5344:     NT Headers:      0xe8
506c.5344:     Timestamp:       0x51873bf2
506c.5344:     Machine:         0x8664 - amd64
506c.5344:     Timestamp:       0x51873bf2
506c.5344:     Image Version:   0.0
506c.5344:     SizeOfImage:     0x1d000 (118784)
506c.5344:     Resource Dir:    0x18000 LB 0x3c80
506c.5344:     [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
506c.5344:     [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
506c.5344:     ProductName:     Kaspersky™ Anti-Virus ®
506c.5344:     ProductVersion:  1.0.0.12
506c.5344:     FileVersion:     1.0.0.12
506c.5344:     FileDescription: Filtering Platform Helper Class
506c.5344: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
506c.5344: Calling main()
506c.5344: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
506c.5344: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
506c.5344: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
506c.5344: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
506c.5344: SUPR3HardenedMain: Final process, opening VBoxDrv...
506c.5344: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001300000 LB 0x400000)
506c.5344: supR3HardNtEnableThreadCreationEx:
506c.5344: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
506c.5344: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffed7120000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed7120000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed7120000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed7120000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedc080000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffeda900000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffeda9b0000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedb190000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedbab0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedaab0000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedaeb0000 'api-ms-win-core-synch-l1-2-0'
506c.5344: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedaeb0000 'api-ms-win-core-fibers-l1-1-1'
506c.5344: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedaeb0000 'api-ms-win-core-fibers-l1-1-1'
506c.5344: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedaeb0000 'api-ms-win-core-synch-l1-2-0'
506c.5344: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedaeb0000 'api-ms-win-core-localization-l1-2-1'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedaab0000 'C:\WINDOWS\system32\Wintrust.dll'
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedb160000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb160000 'C:\WINDOWS\system32\bcrypt.dll'
506c.5344: bcrypt.dll loaded at 00007ffedb160000, BCryptOpenAlgorithmProvider at 00007ffedb164c70, preloading providers:
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedad60000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedad60000 'C:\WINDOWS\system32\bcryptprimitives.dll'
506c.5344:     BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000182fd90)
506c.5344:     BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000018302e0)
506c.5344:     BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000018305e0)
506c.5344:     BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000018308e0)
506c.5344:     BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001830be0)
506c.5344:     BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001830ee0)
506c.5344:     BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000018311e0)
506c.5344:     BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000018318f0)
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffeda990000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffed9bc0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffeda1c0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedbd30000 'C:\WINDOWS\System32\kernel32.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedaab0000 'C:\WINDOWS\System32\WINTRUST.DLL'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\CRYPT32.dll'
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedba90000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedcac0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffed9460000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffeda8e0000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffec95a0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\WINDOWS\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec95a0000 'C:\Windows\System32\cryptnet.dll'
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedc2e0000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000187bb80
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000187bb80
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E42142C43484BA84DDDB10D97303487D47E882DE
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedbab0000 'C:\WINDOWS\System32\rpcrt4.dll'
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000018937a0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000018937a0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=F51F53D8DB5F3ADE5E8F8D8375422AD759A6C4A6995384A6D9FC758F803C765B
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
506c.5344: g_pfnWinVerifyTrust=00007ffedaab61f0
506c.5344: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
506c.5344: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000187bb80
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000187bb80
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001840a20
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001840a20
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000018937a0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000018937a0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=22186588BDA4845FA9E0DBF8BEA457D094106A66CEA15B5F867FB5BDCE35A45C
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000018407e0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000018407e0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=22186588BDA4845FA9E0DBF8BEA457D094106A66CEA15B5F867FB5BDCE35A45C
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\system32\crypt32.dll'
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x2bc683c58e2cbc00 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x5d69cb6e161d56a6 CN=ADELIO-TOSH
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x5e15181e66d5693c CN=Schneider Electric (XBTZG935)
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x9942683711eed300 CN=ADELIO-TOSH
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x8cfc0497215eae81 CN=Delta Electronics Inc.
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xdb2cd5c20d0aaf00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x9b3ae4d356dfc000 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xbb6e19f43fdcce00 C=PT, O=MULTICERT - Serviços de Certificação Electrónica S.A., CN=MULTICERT Root Certification Authority 01
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xa321f027ebbec200 O=TeliaSonera, CN=TeliaSonera Root CA v1
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x3b2a6f973b859500 CN=Atos TrustedRoot 2011, O=Atos, C=DE
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xa7f9b4b9d484dd00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
506c.5344: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
506c.5344: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=76
506c.5344: SUPR3HardenedMain: Load Runtime...
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
506c.5344: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
506c.5344: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
506c.5344: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
506c.5344: supR3HardenedDllNotificationCallback: load   0000000077570000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
506c.5344: supR3HardenedDllNotificationCallback: load   00000000769f0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffedc530000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
506c.5344: supR3HardenedDllNotificationCallback: load   00007ffea0270000 LB 0x005e2000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
506c.5344: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0270000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedaab0000 'C:\WINDOWS\system32\Wintrust.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\system32\crypt32.dll'
506c.5344: SUPR3HardenedMain: Load TrustedMain...
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
506c.5344: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
506c.5344: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
506c.5344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
506c.5344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
506c.5344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001840a20
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001840a20
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000018401e0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000018401e0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000018407e0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000018407e0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=6622493BDCECA5422FCE0B921D6626202D89C04B3EFCC5A76BF19A9905D8BD33
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000183ffa0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000183ffa0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=6622493BDCECA5422FCE0B921D6626202D89C04B3EFCC5A76BF19A9905D8BD33
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
506c.5344: supR3HardenedScreenImage/Imports: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
506c.5344: Error (rc=0):
506c.5344: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Windows\System32\opengl32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
506c.5344: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
506c.5344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
506c.5344: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
506c.5344: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
506c.5344: Error (rc=0):
506c.5344: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x10 fAccess=0xd cHits=3 \Device\HarddiskVolume2\Windows\System32\opengl32.dll
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000018401e0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000018401e0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000018401e0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000018401e0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000183ffa0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000183ffa0
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=41D97903DE3C10BFE43059393A6DD1DB671F42BFA9627D4C98589CCC6ADA69C2
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001840060
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001840060
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=41D97903DE3C10BFE43059393A6DD1DB671F42BFA9627D4C98589CCC6ADA69C2
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
506c.5344: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed9bc0000 'C:\WINDOWS\system32\rsaenh.dll'
506c.5344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedb190000 'C:\WINDOWS\System32\crypt32.dll'
506c.5344: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
506c.5344: Fatal error:
506c.5344: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBoxVM.dll" failed, rc=1790
15e8.2fc8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 4957 ms, the end);
18c0.2284: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 6207 ms, the end);