VirtualBox

Ticket #17393: VBoxHardening.log

File VBoxHardening.log, 120.5 KB (added by SUPARI, 7 years ago)

log file

Line 
11b70.1ad4: Log file opened: 5.1.16r113841 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03fab00
21b70.1ad4: \SystemRoot\System32\ntdll.dll:
31b70.1ad4: CreationTime: 2017-12-08T05:17:44.303593300Z
41b70.1ad4: LastWriteTime: 2017-12-08T05:17:44.469672500Z
51b70.1ad4: ChangeTime: 2017-12-13T10:17:11.337894700Z
61b70.1ad4: FileAttributes: 0x20
71b70.1ad4: Size: 0x1dd100
81b70.1ad4: NT Headers: 0xe0
91b70.1ad4: Timestamp: 0x493793ea
101b70.1ad4: Machine: 0x8664 - amd64
111b70.1ad4: Timestamp: 0x493793ea
121b70.1ad4: Image Version: 10.0
131b70.1ad4: SizeOfImage: 0x1e0000 (1966080)
141b70.1ad4: Resource Dir: 0x174000 LB 0x6a1d8
151b70.1ad4: ProductName: Microsoft® Windows® Operating System
161b70.1ad4: ProductVersion: 10.0.16299.64
171b70.1ad4: FileVersion: 10.0.16299.64 (WinBuild.160101.0800)
181b70.1ad4: FileDescription: NT Layer DLL
191b70.1ad4: \SystemRoot\System32\kernel32.dll:
201b70.1ad4: CreationTime: 2017-09-29T13:42:04.954227600Z
211b70.1ad4: LastWriteTime: 2017-09-29T13:42:04.954227600Z
221b70.1ad4: ChangeTime: 2017-12-08T20:50:27.463795300Z
231b70.1ad4: FileAttributes: 0x20
241b70.1ad4: Size: 0xab868
251b70.1ad4: NT Headers: 0xe8
261b70.1ad4: Timestamp: 0xc2cf900
271b70.1ad4: Machine: 0x8664 - amd64
281b70.1ad4: Timestamp: 0xc2cf900
291b70.1ad4: Image Version: 10.0
301b70.1ad4: SizeOfImage: 0xae000 (712704)
311b70.1ad4: Resource Dir: 0xac000 LB 0x520
321b70.1ad4: ProductName: Microsoft® Windows® Operating System
331b70.1ad4: ProductVersion: 10.0.16299.15
341b70.1ad4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
351b70.1ad4: FileDescription: Windows NT BASE API Client DLL
361b70.1ad4: \SystemRoot\System32\KernelBase.dll:
371b70.1ad4: CreationTime: 2017-09-29T13:41:43.124345500Z
381b70.1ad4: LastWriteTime: 2017-09-29T13:41:43.124345500Z
391b70.1ad4: ChangeTime: 2017-12-08T20:50:27.526272500Z
401b70.1ad4: FileAttributes: 0x20
411b70.1ad4: Size: 0x266000
421b70.1ad4: NT Headers: 0xf0
431b70.1ad4: Timestamp: 0x4736733c
441b70.1ad4: Machine: 0x8664 - amd64
451b70.1ad4: Timestamp: 0x4736733c
461b70.1ad4: Image Version: 10.0
471b70.1ad4: SizeOfImage: 0x266000 (2514944)
481b70.1ad4: Resource Dir: 0x245000 LB 0x548
491b70.1ad4: ProductName: Microsoft® Windows® Operating System
501b70.1ad4: ProductVersion: 10.0.16299.15
511b70.1ad4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
521b70.1ad4: FileDescription: Windows NT BASE API Client DLL
531b70.1ad4: \SystemRoot\System32\apisetschema.dll:
541b70.1ad4: CreationTime: 2017-09-29T13:42:07.095026600Z
551b70.1ad4: LastWriteTime: 2017-09-29T13:42:07.095026600Z
561b70.1ad4: ChangeTime: 2017-12-15T12:18:23.281148200Z
571b70.1ad4: FileAttributes: 0x20
581b70.1ad4: Size: 0x1b398
591b70.1ad4: NT Headers: 0xc8
601b70.1ad4: Timestamp: 0xf30abf31
611b70.1ad4: Machine: 0x8664 - amd64
621b70.1ad4: Timestamp: 0xf30abf31
631b70.1ad4: Image Version: 10.0
641b70.1ad4: SizeOfImage: 0x1c000 (114688)
651b70.1ad4: Resource Dir: 0x1b000 LB 0x408
661b70.1ad4: ProductName: Microsoft® Windows® Operating System
671b70.1ad4: ProductVersion: 10.0.16299.15
681b70.1ad4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
691b70.1ad4: FileDescription: ApiSet Schema DLL
701b70.1ad4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
711b70.1ad4: supR3HardenedWinFindAdversaries: 0x4
721b70.1ad4: \SystemRoot\System32\drivers\aswHwid.sys:
731b70.1ad4: CreationTime: 2017-12-08T05:32:36.270047300Z
741b70.1ad4: LastWriteTime: 2017-12-23T03:42:57.586447300Z
751b70.1ad4: ChangeTime: 2017-12-23T03:43:17.933620400Z
761b70.1ad4: FileAttributes: 0x20
771b70.1ad4: Size: 0xb780
781b70.1ad4: NT Headers: 0xe8
791b70.1ad4: Timestamp: 0x5a3021aa
801b70.1ad4: Machine: 0x8664 - amd64
811b70.1ad4: Timestamp: 0x5a3021aa
821b70.1ad4: Image Version: 6.0
831b70.1ad4: SizeOfImage: 0xa000 (40960)
841b70.1ad4: Resource Dir: 0x8000 LB 0x388
851b70.1ad4: ProductName: Avast Antivirus
861b70.1ad4: ProductVersion: 17.9.3754.0
871b70.1ad4: FileVersion: 17.9.3754.0
881b70.1ad4: FileDescription: Avast HWID
891b70.1ad4: \SystemRoot\System32\drivers\aswMonFlt.sys:
901b70.1ad4: CreationTime: 2017-12-08T05:32:36.294165700Z
911b70.1ad4: LastWriteTime: 2017-12-23T03:42:57.639240800Z
921b70.1ad4: ChangeTime: 2017-12-23T03:43:17.933620400Z
931b70.1ad4: FileAttributes: 0x20
941b70.1ad4: Size: 0x23ce8
951b70.1ad4: NT Headers: 0xf0
961b70.1ad4: Timestamp: 0x5a30243f
971b70.1ad4: Machine: 0x8664 - amd64
981b70.1ad4: Timestamp: 0x5a30243f
991b70.1ad4: Image Version: 6.0
1001b70.1ad4: SizeOfImage: 0x27000 (159744)
1011b70.1ad4: Resource Dir: 0x25000 LB 0x3b0
1021b70.1ad4: ProductName: Avast Antivirus
1031b70.1ad4: ProductVersion: 17.9.3754.0
1041b70.1ad4: FileVersion: 17.9.3754.0
1051b70.1ad4: FileDescription: Avast File System Minifilter for Windows 2003/Vista
1061b70.1ad4: \SystemRoot\System32\drivers\aswRdr2.sys:
1071b70.1ad4: CreationTime: 2017-12-08T05:32:36.312766900Z
1081b70.1ad4: LastWriteTime: 2017-12-23T03:42:56.985959700Z
1091b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934120300Z
1101b70.1ad4: FileAttributes: 0x20
1111b70.1ad4: Size: 0x1af00
1121b70.1ad4: NT Headers: 0xf0
1131b70.1ad4: Timestamp: 0x5a3021c2
1141b70.1ad4: Machine: 0x8664 - amd64
1151b70.1ad4: Timestamp: 0x5a3021c2
1161b70.1ad4: Image Version: 6.1
1171b70.1ad4: SizeOfImage: 0x1a000 (106496)
1181b70.1ad4: Resource Dir: 0x18000 LB 0x398
1191b70.1ad4: ProductName: Avast Antivirus
1201b70.1ad4: ProductVersion: 17.9.3754.0
1211b70.1ad4: FileVersion: 17.9.3754.0 built by: WinDDK
1221b70.1ad4: FileDescription: Avast WFP Redirect Driver
1231b70.1ad4: \SystemRoot\System32\drivers\aswRvrt.sys:
1241b70.1ad4: CreationTime: 2017-12-08T05:32:36.317839300Z
1251b70.1ad4: LastWriteTime: 2017-12-23T03:42:57.709545000Z
1261b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934120300Z
1271b70.1ad4: FileAttributes: 0x20
1281b70.1ad4: Size: 0x149a0
1291b70.1ad4: NT Headers: 0xf0
1301b70.1ad4: Timestamp: 0x5a3021ae
1311b70.1ad4: Machine: 0x8664 - amd64
1321b70.1ad4: Timestamp: 0x5a3021ae
1331b70.1ad4: Image Version: 6.0
1341b70.1ad4: SizeOfImage: 0x13000 (77824)
1351b70.1ad4: Resource Dir: 0x11000 LB 0x388
1361b70.1ad4: ProductName: Avast Antivirus
1371b70.1ad4: ProductVersion: 17.9.3754.0
1381b70.1ad4: FileVersion: 17.9.3754.0
1391b70.1ad4: FileDescription: Avast Revert
1401b70.1ad4: \SystemRoot\System32\drivers\aswSnx.sys:
1411b70.1ad4: CreationTime: 2017-12-08T05:32:36.322844100Z
1421b70.1ad4: LastWriteTime: 2017-12-23T03:42:33.853316300Z
1431b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934120300Z
1441b70.1ad4: FileAttributes: 0x20
1451b70.1ad4: Size: 0xfa498
1461b70.1ad4: NT Headers: 0xe8
1471b70.1ad4: Timestamp: 0x5a3021c6
1481b70.1ad4: Machine: 0x8664 - amd64
1491b70.1ad4: Timestamp: 0x5a3021c6
1501b70.1ad4: Image Version: 6.0
1511b70.1ad4: SizeOfImage: 0xf8000 (1015808)
1521b70.1ad4: Resource Dir: 0xf0000 LB 0x378
1531b70.1ad4: ProductName: Avast Antivirus
1541b70.1ad4: ProductVersion: 17.9.3754.0
1551b70.1ad4: FileVersion: 17.9.3754.0
1561b70.1ad4: FileDescription: Avast Virtualization Driver
1571b70.1ad4: \SystemRoot\System32\drivers\aswsp.sys:
1581b70.1ad4: CreationTime: 2017-12-08T05:32:36.343755500Z
1591b70.1ad4: LastWriteTime: 2017-12-23T03:42:57.777401300Z
1601b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934120300Z
1611b70.1ad4: FileAttributes: 0x20
1621b70.1ad4: Size: 0x6fab8
1631b70.1ad4: NT Headers: 0xe0
1641b70.1ad4: Timestamp: 0x5a302454
1651b70.1ad4: Machine: 0x8664 - amd64
1661b70.1ad4: Timestamp: 0x5a302454
1671b70.1ad4: Image Version: 6.0
1681b70.1ad4: SizeOfImage: 0x71000 (462848)
1691b70.1ad4: Resource Dir: 0x6f000 LB 0x370
1701b70.1ad4: ProductName: Avast Antivirus
1711b70.1ad4: ProductVersion: 17.9.3754.0
1721b70.1ad4: FileVersion: 17.9.3754.0
1731b70.1ad4: FileDescription: Avast self protection module
1741b70.1ad4: \SystemRoot\System32\drivers\aswStm.sys:
1751b70.1ad4: CreationTime: 2017-12-08T05:32:36.348709000Z
1761b70.1ad4: LastWriteTime: 2017-12-23T03:42:58.232601100Z
1771b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934120300Z
1781b70.1ad4: FileAttributes: 0x20
1791b70.1ad4: Size: 0x31ea8
1801b70.1ad4: NT Headers: 0x110
1811b70.1ad4: Timestamp: 0x5a302650
1821b70.1ad4: Machine: 0x8664 - amd64
1831b70.1ad4: Timestamp: 0x5a302650
1841b70.1ad4: Image Version: 10.0
1851b70.1ad4: SizeOfImage: 0x32000 (204800)
1861b70.1ad4: Resource Dir: 0x30000 LB 0x350
1871b70.1ad4: ProductName: Avast Antivirus
1881b70.1ad4: ProductVersion: 17.9.3754.0
1891b70.1ad4: FileVersion: 17.9.3754.0
1901b70.1ad4: FileDescription: Stream Filter
1911b70.1ad4: \SystemRoot\System32\drivers\aswVmm.sys:
1921b70.1ad4: CreationTime: 2017-12-08T05:32:36.353213500Z
1931b70.1ad4: LastWriteTime: 2017-12-23T03:42:57.853282500Z
1941b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934620700Z
1951b70.1ad4: FileAttributes: 0x20
1961b70.1ad4: Size: 0x57910
1971b70.1ad4: NT Headers: 0xf0
1981b70.1ad4: Timestamp: 0x5a302442
1991b70.1ad4: Machine: 0x8664 - amd64
2001b70.1ad4: Timestamp: 0x5a302442
2011b70.1ad4: Image Version: 6.0
2021b70.1ad4: SizeOfImage: 0x55000 (348160)
2031b70.1ad4: Resource Dir: 0x52000 LB 0x390
2041b70.1ad4: ProductName: Avast Antivirus
2051b70.1ad4: ProductVersion: 17.9.3754.0
2061b70.1ad4: FileVersion: 17.9.3754.0
2071b70.1ad4: FileDescription: Avast VM Monitor
2081b70.1ad4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2091b70.1ad4: Calling main()
2101b70.1ad4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2111b70.1ad4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2121b70.1ad4: SUPR3HardenedMain: Respawn #1
2131b70.1ad4: System32: \Device\HarddiskVolume5\Windows\System32
2141b70.1ad4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
2151b70.1ad4: KnownDllPath: C:\WINDOWS\System32
2161b70.1ad4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2171b70.1ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2181b70.1ad4: supR3HardNtEnableThreadCreation:
2191b70.1ad4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9e70391b0 pvNtTerminateThread=00007ff9e7060890
2201b70.1ad4: supR3HardenedWinDoReSpawn(1): New child 23f4.1098 [kernel32].
2211b70.1ad4: supR3HardNtChildGatherData: PebBaseAddress=0000000000544000 cbPeb=0x388
2221b70.1ad4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9e6fc0000 uNtDllChildAddr=00007ff9e6fc0000
2231b70.1ad4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9e70391b0
2241b70.1ad4: supR3HardenedWinSetupChildInit: Start child.
2251b70.1ad4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2261b70.1ad4: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 31 sleeps
2271b70.1ad4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2281b70.1ad4: *0000000000000000-ffffffffffcaffff 0x0001/0x0000 0x0000000
2291b70.1ad4: *0000000000350000-000000000032ffff 0x0004/0x0004 0x0020000
2301b70.1ad4: *0000000000370000-0000000000356fff 0x0002/0x0002 0x0040000
2311b70.1ad4: 0000000000389000-0000000000381fff 0x0001/0x0000 0x0000000
2321b70.1ad4: *0000000000390000-000000000038bfff 0x0002/0x0002 0x0040000
2331b70.1ad4: 0000000000394000-0000000000387fff 0x0001/0x0000 0x0000000
2341b70.1ad4: *00000000003a0000-000000000039efff 0x0004/0x0004 0x0020000
2351b70.1ad4: 00000000003a1000-0000000000341fff 0x0001/0x0000 0x0000000
2361b70.1ad4: *0000000000400000-00000000002bbfff 0x0000/0x0004 0x0020000
2371b70.1ad4: 0000000000544000-0000000000540fff 0x0004/0x0004 0x0020000
2381b70.1ad4: 0000000000547000-000000000048dfff 0x0000/0x0004 0x0020000
2391b70.1ad4: *0000000000600000-0000000000504fff 0x0000/0x0004 0x0020000
2401b70.1ad4: 00000000006fb000-00000000006f7fff 0x0104/0x0004 0x0020000
2411b70.1ad4: 00000000006fe000-00000000006fbfff 0x0004/0x0004 0x0020000
2421b70.1ad4: 0000000000700000-ffffffff80e1ffff 0x0001/0x0000 0x0000000
2431b70.1ad4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2441b70.1ad4: *000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2451b70.1ad4: 000000007fff0000-ffff800a0ab5ffff 0x0001/0x0000 0x0000000
2461b70.1ad4: *00007ff6f5480000-00007ff6f545cfff 0x0002/0x0002 0x0040000
2471b70.1ad4: 00007ff6f54a3000-00007ff6f5045fff 0x0001/0x0000 0x0000000
2481b70.1ad4: *00007ff6f5900000-00007ff6f5900fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2491b70.1ad4: 00007ff6f5901000-00007ff6f596ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2501b70.1ad4: 00007ff6f5970000-00007ff6f5970fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2511b70.1ad4: 00007ff6f5971000-00007ff6f59b5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2521b70.1ad4: 00007ff6f59b6000-00007ff6f59b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2531b70.1ad4: 00007ff6f59b7000-00007ff6f59b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2541b70.1ad4: 00007ff6f59b8000-00007ff6f59bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2551b70.1ad4: 00007ff6f59bd000-00007ff6f59bdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2561b70.1ad4: 00007ff6f59be000-00007ff6f59befff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2571b70.1ad4: 00007ff6f59bf000-00007ff6f59c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2581b70.1ad4: 00007ff6f59c3000-00007ff6f5a0afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2591b70.1ad4: 00007ff6f5a0b000-00007ff404455fff 0x0001/0x0000 0x0000000
2601b70.1ad4: *00007ff9e6fc0000-00007ff9e6fc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2611b70.1ad4: 00007ff9e6fc1000-00007ff9e70d2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2621b70.1ad4: 00007ff9e70d3000-00007ff9e7118fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2631b70.1ad4: 00007ff9e7119000-00007ff9e7120fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2641b70.1ad4: 00007ff9e7121000-00007ff9e712efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2651b70.1ad4: 00007ff9e712f000-00007ff9e712ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2661b70.1ad4: 00007ff9e7130000-00007ff9e7132fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2671b70.1ad4: 00007ff9e7133000-00007ff9e719ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2681b70.1ad4: 00007ff9e71a0000-00007ff3ce35ffff 0x0001/0x0000 0x0000000
2691b70.1ad4: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2701b70.1ad4: VirtualBox.exe: timestamp 0x58c01b6a (rc=VINF_SUCCESS)
2711b70.1ad4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2721b70.1ad4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
2731b70.1ad4: supR3HardNtChildPurify: Done after 566 ms and 0 fixes (loop #0).
27423f4.1098: Log file opened: 5.1.16r113841 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
27523f4.1098: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9e6fc0000 g_uNtVerCombined=0xa03fab00
2761b70.1ad4: supR3HardNtEnableThreadCreation:
27723f4.1098: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS)
27823f4.1098: New simple heap: #1 0000000000800000 LB 0x400000 (for 1966080 allocation)
27923f4.1098: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
28023f4.1098: System32: \Device\HarddiskVolume5\Windows\System32
28123f4.1098: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
28223f4.1098: KnownDllPath: C:\WINDOWS\System32
28323f4.1098: supR3HardenedVmProcessInit: Opening vboxdrv stub...
28423f4.1098: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
28523f4.1098: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
28623f4.1098: Registered Dll notification callback with NTDLL.
28723f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
28823f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
28923f4.1098: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
29023f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e37a0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
29123f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
29223f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
29323f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e69e0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
29423f4.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
29523f4.1098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e69e0000 'C:\WINDOWS\System32\KERNEL32.DLL'
29623f4.1098: supR3HardenedDllNotificationCallback: load 00007ff6f5900000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
29723f4.1098: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
29823f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
29923f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
30023f4.1098: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9e70391b0 pvNtTerminateThread=00007ff9e7060890
3011b70.1ad4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 158 ms.
30223f4.1098: \SystemRoot\System32\ntdll.dll:
30323f4.1098: CreationTime: 2017-12-08T05:17:44.303593300Z
30423f4.1098: LastWriteTime: 2017-12-08T05:17:44.469672500Z
30523f4.1098: ChangeTime: 2017-12-13T10:17:11.337894700Z
30623f4.1098: FileAttributes: 0x20
30723f4.1098: Size: 0x1dd100
30823f4.1098: NT Headers: 0xe0
30923f4.1098: Timestamp: 0x493793ea
31023f4.1098: Machine: 0x8664 - amd64
31123f4.1098: Timestamp: 0x493793ea
31223f4.1098: Image Version: 10.0
31323f4.1098: SizeOfImage: 0x1e0000 (1966080)
31423f4.1098: Resource Dir: 0x174000 LB 0x6a1d8
31523f4.1098: ProductName: Microsoft® Windows® Operating System
31623f4.1098: ProductVersion: 10.0.16299.64
31723f4.1098: FileVersion: 10.0.16299.64 (WinBuild.160101.0800)
31823f4.1098: FileDescription: NT Layer DLL
31923f4.1098: \SystemRoot\System32\kernel32.dll:
32023f4.1098: CreationTime: 2017-09-29T13:42:04.954227600Z
32123f4.1098: LastWriteTime: 2017-09-29T13:42:04.954227600Z
32223f4.1098: ChangeTime: 2017-12-08T20:50:27.463795300Z
32323f4.1098: FileAttributes: 0x20
32423f4.1098: Size: 0xab868
32523f4.1098: NT Headers: 0xe8
32623f4.1098: Timestamp: 0xc2cf900
32723f4.1098: Machine: 0x8664 - amd64
32823f4.1098: Timestamp: 0xc2cf900
32923f4.1098: Image Version: 10.0
33023f4.1098: SizeOfImage: 0xae000 (712704)
33123f4.1098: Resource Dir: 0xac000 LB 0x520
33223f4.1098: ProductName: Microsoft® Windows® Operating System
33323f4.1098: ProductVersion: 10.0.16299.15
33423f4.1098: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
33523f4.1098: FileDescription: Windows NT BASE API Client DLL
33623f4.1098: \SystemRoot\System32\KernelBase.dll:
33723f4.1098: CreationTime: 2017-09-29T13:41:43.124345500Z
33823f4.1098: LastWriteTime: 2017-09-29T13:41:43.124345500Z
33923f4.1098: ChangeTime: 2017-12-08T20:50:27.526272500Z
34023f4.1098: FileAttributes: 0x20
34123f4.1098: Size: 0x266000
34223f4.1098: NT Headers: 0xf0
34323f4.1098: Timestamp: 0x4736733c
34423f4.1098: Machine: 0x8664 - amd64
34523f4.1098: Timestamp: 0x4736733c
34623f4.1098: Image Version: 10.0
34723f4.1098: SizeOfImage: 0x266000 (2514944)
34823f4.1098: Resource Dir: 0x245000 LB 0x548
34923f4.1098: ProductName: Microsoft® Windows® Operating System
35023f4.1098: ProductVersion: 10.0.16299.15
35123f4.1098: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
35223f4.1098: FileDescription: Windows NT BASE API Client DLL
35323f4.1098: \SystemRoot\System32\apisetschema.dll:
35423f4.1098: CreationTime: 2017-09-29T13:42:07.095026600Z
35523f4.1098: LastWriteTime: 2017-09-29T13:42:07.095026600Z
35623f4.1098: ChangeTime: 2017-12-15T12:18:23.281148200Z
35723f4.1098: FileAttributes: 0x20
35823f4.1098: Size: 0x1b398
35923f4.1098: NT Headers: 0xc8
36023f4.1098: Timestamp: 0xf30abf31
36123f4.1098: Machine: 0x8664 - amd64
36223f4.1098: Timestamp: 0xf30abf31
36323f4.1098: Image Version: 10.0
36423f4.1098: SizeOfImage: 0x1c000 (114688)
36523f4.1098: Resource Dir: 0x1b000 LB 0x408
36623f4.1098: ProductName: Microsoft® Windows® Operating System
36723f4.1098: ProductVersion: 10.0.16299.15
36823f4.1098: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
36923f4.1098: FileDescription: ApiSet Schema DLL
37023f4.1098: NtOpenDirectoryObject failed on \Driver: 0xc0000022
37123f4.1098: supR3HardenedWinFindAdversaries: 0x4
37223f4.1098: \SystemRoot\System32\drivers\aswHwid.sys:
37323f4.1098: CreationTime: 2017-12-08T05:32:36.270047300Z
37423f4.1098: LastWriteTime: 2017-12-23T03:42:57.586447300Z
37523f4.1098: ChangeTime: 2017-12-23T03:43:17.933620400Z
37623f4.1098: FileAttributes: 0x20
37723f4.1098: Size: 0xb780
37823f4.1098: NT Headers: 0xe8
37923f4.1098: Timestamp: 0x5a3021aa
38023f4.1098: Machine: 0x8664 - amd64
38123f4.1098: Timestamp: 0x5a3021aa
38223f4.1098: Image Version: 6.0
38323f4.1098: SizeOfImage: 0xa000 (40960)
38423f4.1098: Resource Dir: 0x8000 LB 0x388
38523f4.1098: ProductName: Avast Antivirus
38623f4.1098: ProductVersion: 17.9.3754.0
38723f4.1098: FileVersion: 17.9.3754.0
38823f4.1098: FileDescription: Avast HWID
38923f4.1098: \SystemRoot\System32\drivers\aswMonFlt.sys:
39023f4.1098: CreationTime: 2017-12-08T05:32:36.294165700Z
39123f4.1098: LastWriteTime: 2017-12-23T03:42:57.639240800Z
39223f4.1098: ChangeTime: 2017-12-23T03:43:17.933620400Z
39323f4.1098: FileAttributes: 0x20
39423f4.1098: Size: 0x23ce8
39523f4.1098: NT Headers: 0xf0
39623f4.1098: Timestamp: 0x5a30243f
39723f4.1098: Machine: 0x8664 - amd64
39823f4.1098: Timestamp: 0x5a30243f
39923f4.1098: Image Version: 6.0
40023f4.1098: SizeOfImage: 0x27000 (159744)
40123f4.1098: Resource Dir: 0x25000 LB 0x3b0
40223f4.1098: ProductName: Avast Antivirus
40323f4.1098: ProductVersion: 17.9.3754.0
40423f4.1098: FileVersion: 17.9.3754.0
40523f4.1098: FileDescription: Avast File System Minifilter for Windows 2003/Vista
40623f4.1098: \SystemRoot\System32\drivers\aswRdr2.sys:
40723f4.1098: CreationTime: 2017-12-08T05:32:36.312766900Z
40823f4.1098: LastWriteTime: 2017-12-23T03:42:56.985959700Z
40923f4.1098: ChangeTime: 2017-12-23T03:43:17.934120300Z
41023f4.1098: FileAttributes: 0x20
41123f4.1098: Size: 0x1af00
41223f4.1098: NT Headers: 0xf0
41323f4.1098: Timestamp: 0x5a3021c2
41423f4.1098: Machine: 0x8664 - amd64
41523f4.1098: Timestamp: 0x5a3021c2
41623f4.1098: Image Version: 6.1
41723f4.1098: SizeOfImage: 0x1a000 (106496)
41823f4.1098: Resource Dir: 0x18000 LB 0x398
41923f4.1098: ProductName: Avast Antivirus
42023f4.1098: ProductVersion: 17.9.3754.0
42123f4.1098: FileVersion: 17.9.3754.0 built by: WinDDK
42223f4.1098: FileDescription: Avast WFP Redirect Driver
42323f4.1098: \SystemRoot\System32\drivers\aswRvrt.sys:
42423f4.1098: CreationTime: 2017-12-08T05:32:36.317839300Z
42523f4.1098: LastWriteTime: 2017-12-23T03:42:57.709545000Z
42623f4.1098: ChangeTime: 2017-12-23T03:43:17.934120300Z
42723f4.1098: FileAttributes: 0x20
42823f4.1098: Size: 0x149a0
42923f4.1098: NT Headers: 0xf0
43023f4.1098: Timestamp: 0x5a3021ae
43123f4.1098: Machine: 0x8664 - amd64
43223f4.1098: Timestamp: 0x5a3021ae
43323f4.1098: Image Version: 6.0
43423f4.1098: SizeOfImage: 0x13000 (77824)
43523f4.1098: Resource Dir: 0x11000 LB 0x388
43623f4.1098: ProductName: Avast Antivirus
43723f4.1098: ProductVersion: 17.9.3754.0
43823f4.1098: FileVersion: 17.9.3754.0
43923f4.1098: FileDescription: Avast Revert
44023f4.1098: \SystemRoot\System32\drivers\aswSnx.sys:
44123f4.1098: CreationTime: 2017-12-08T05:32:36.322844100Z
44223f4.1098: LastWriteTime: 2017-12-23T03:42:33.853316300Z
44323f4.1098: ChangeTime: 2017-12-23T03:43:17.934120300Z
44423f4.1098: FileAttributes: 0x20
44523f4.1098: Size: 0xfa498
44623f4.1098: NT Headers: 0xe8
44723f4.1098: Timestamp: 0x5a3021c6
44823f4.1098: Machine: 0x8664 - amd64
44923f4.1098: Timestamp: 0x5a3021c6
45023f4.1098: Image Version: 6.0
45123f4.1098: SizeOfImage: 0xf8000 (1015808)
45223f4.1098: Resource Dir: 0xf0000 LB 0x378
45323f4.1098: ProductName: Avast Antivirus
45423f4.1098: ProductVersion: 17.9.3754.0
45523f4.1098: FileVersion: 17.9.3754.0
45623f4.1098: FileDescription: Avast Virtualization Driver
45723f4.1098: \SystemRoot\System32\drivers\aswsp.sys:
45823f4.1098: CreationTime: 2017-12-08T05:32:36.343755500Z
45923f4.1098: LastWriteTime: 2017-12-23T03:42:57.777401300Z
46023f4.1098: ChangeTime: 2017-12-23T03:43:17.934120300Z
46123f4.1098: FileAttributes: 0x20
46223f4.1098: Size: 0x6fab8
46323f4.1098: NT Headers: 0xe0
46423f4.1098: Timestamp: 0x5a302454
46523f4.1098: Machine: 0x8664 - amd64
46623f4.1098: Timestamp: 0x5a302454
46723f4.1098: Image Version: 6.0
46823f4.1098: SizeOfImage: 0x71000 (462848)
46923f4.1098: Resource Dir: 0x6f000 LB 0x370
47023f4.1098: ProductName: Avast Antivirus
47123f4.1098: ProductVersion: 17.9.3754.0
47223f4.1098: FileVersion: 17.9.3754.0
47323f4.1098: FileDescription: Avast self protection module
47423f4.1098: \SystemRoot\System32\drivers\aswStm.sys:
47523f4.1098: CreationTime: 2017-12-08T05:32:36.348709000Z
47623f4.1098: LastWriteTime: 2017-12-23T03:42:58.232601100Z
47723f4.1098: ChangeTime: 2017-12-23T03:43:17.934120300Z
47823f4.1098: FileAttributes: 0x20
47923f4.1098: Size: 0x31ea8
48023f4.1098: NT Headers: 0x110
48123f4.1098: Timestamp: 0x5a302650
48223f4.1098: Machine: 0x8664 - amd64
48323f4.1098: Timestamp: 0x5a302650
48423f4.1098: Image Version: 10.0
48523f4.1098: SizeOfImage: 0x32000 (204800)
48623f4.1098: Resource Dir: 0x30000 LB 0x350
48723f4.1098: ProductName: Avast Antivirus
48823f4.1098: ProductVersion: 17.9.3754.0
48923f4.1098: FileVersion: 17.9.3754.0
49023f4.1098: FileDescription: Stream Filter
49123f4.1098: \SystemRoot\System32\drivers\aswVmm.sys:
49223f4.1098: CreationTime: 2017-12-08T05:32:36.353213500Z
49323f4.1098: LastWriteTime: 2017-12-23T03:42:57.853282500Z
49423f4.1098: ChangeTime: 2017-12-23T03:43:17.934620700Z
49523f4.1098: FileAttributes: 0x20
49623f4.1098: Size: 0x57910
49723f4.1098: NT Headers: 0xf0
49823f4.1098: Timestamp: 0x5a302442
49923f4.1098: Machine: 0x8664 - amd64
50023f4.1098: Timestamp: 0x5a302442
50123f4.1098: Image Version: 6.0
50223f4.1098: SizeOfImage: 0x55000 (348160)
50323f4.1098: Resource Dir: 0x52000 LB 0x390
50423f4.1098: ProductName: Avast Antivirus
50523f4.1098: ProductVersion: 17.9.3754.0
50623f4.1098: FileVersion: 17.9.3754.0
50723f4.1098: FileDescription: Avast VM Monitor
50823f4.1098: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
50923f4.1098: Calling main()
51023f4.1098: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
51123f4.1098: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
51223f4.1098: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
51323f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
51423f4.1098: SUPR3HardenedMain: Respawn #2
51523f4.1098: supR3HardNtEnableThreadCreation:
51623f4.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
51723f4.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
51823f4.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
51923f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll)
52023f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll
52123f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
52223f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
52323f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll)
52423f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
52523f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
52623f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
52723f4.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
52823f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
52923f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
53023f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
53123f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
53223f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll)
53323f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
53423f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
53523f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
53623f4.1098: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
53723f4.1098: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
53823f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e6a90000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
53923f4.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
54023f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e6420000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
54123f4.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
54223f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e6550000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
54323f4.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust]
54423f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e45a0000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
54523f4.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
54623f4.1098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e45a0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
54723f4.1098: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
54823f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll)
54923f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll
55023f4.1098: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
55123f4.1098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e6fc0000 'C:\WINDOWS\System32\ntdll.dll'
55223f4.1098: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9e70391b0 pvNtTerminateThread=00007ff9e7060890
55323f4.1098: supR3HardenedWinDoReSpawn(2): New child 1384.1834 [kernel32].
55423f4.1098: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
55523f4.1098: supR3HardNtChildGatherData: PebBaseAddress=0000000000729000 cbPeb=0x388
55623f4.1098: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9e6fc0000 uNtDllChildAddr=00007ff9e6fc0000
55723f4.1098: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9e70391b0
55823f4.1098: supR3HardenedWinSetupChildInit: Start child.
55923f4.1098: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
56023f4.1098: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 51 sleeps
56123f4.1098: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
56223f4.1098: *0000000000000000-ffffffffffacffff 0x0001/0x0000 0x0000000
56323f4.1098: *0000000000530000-000000000050ffff 0x0004/0x0004 0x0020000
56423f4.1098: *0000000000550000-0000000000536fff 0x0002/0x0002 0x0040000
56523f4.1098: 0000000000569000-0000000000561fff 0x0001/0x0000 0x0000000
56623f4.1098: *0000000000570000-000000000056bfff 0x0002/0x0002 0x0040000
56723f4.1098: 0000000000574000-0000000000567fff 0x0001/0x0000 0x0000000
56823f4.1098: *0000000000580000-000000000057efff 0x0004/0x0004 0x0020000
56923f4.1098: 0000000000581000-0000000000501fff 0x0001/0x0000 0x0000000
57023f4.1098: *0000000000600000-00000000004d6fff 0x0000/0x0004 0x0020000
57123f4.1098: 0000000000729000-0000000000725fff 0x0004/0x0004 0x0020000
57223f4.1098: 000000000072c000-0000000000657fff 0x0000/0x0004 0x0020000
57323f4.1098: *0000000000800000-0000000000704fff 0x0000/0x0004 0x0020000
57423f4.1098: 00000000008fb000-00000000008f7fff 0x0104/0x0004 0x0020000
57523f4.1098: 00000000008fe000-00000000008fbfff 0x0004/0x0004 0x0020000
57623f4.1098: 0000000000900000-ffffffff8121ffff 0x0001/0x0000 0x0000000
57723f4.1098: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
57823f4.1098: *000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
57923f4.1098: 000000007fff0000-ffff800a0b29ffff 0x0001/0x0000 0x0000000
58023f4.1098: *00007ff6f4d40000-00007ff6f4d1cfff 0x0002/0x0002 0x0040000
58123f4.1098: 00007ff6f4d63000-00007ff6f41c5fff 0x0001/0x0000 0x0000000
58223f4.1098: *00007ff6f5900000-00007ff6f5900fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
58323f4.1098: 00007ff6f5901000-00007ff6f596ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
58423f4.1098: 00007ff6f5970000-00007ff6f5970fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
58523f4.1098: 00007ff6f5971000-00007ff6f59b5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
58623f4.1098: 00007ff6f59b6000-00007ff6f59b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
58723f4.1098: 00007ff6f59b7000-00007ff6f59b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
58823f4.1098: 00007ff6f59b8000-00007ff6f59bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
58923f4.1098: 00007ff6f59bd000-00007ff6f59bdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
59023f4.1098: 00007ff6f59be000-00007ff6f59befff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
59123f4.1098: 00007ff6f59bf000-00007ff6f59c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
59223f4.1098: 00007ff6f59c3000-00007ff6f5a0afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
59323f4.1098: 00007ff6f5a0b000-00007ff404455fff 0x0001/0x0000 0x0000000
59423f4.1098: *00007ff9e6fc0000-00007ff9e6fc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
59523f4.1098: 00007ff9e6fc1000-00007ff9e70d2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
59623f4.1098: 00007ff9e70d3000-00007ff9e7118fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
59723f4.1098: 00007ff9e7119000-00007ff9e7120fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
59823f4.1098: 00007ff9e7121000-00007ff9e712efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
59923f4.1098: 00007ff9e712f000-00007ff9e712ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
60023f4.1098: 00007ff9e7130000-00007ff9e7132fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
60123f4.1098: 00007ff9e7133000-00007ff9e719ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
60223f4.1098: 00007ff9e71a0000-00007ff3ce35ffff 0x0001/0x0000 0x0000000
60323f4.1098: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
60423f4.1098: VirtualBox.exe: timestamp 0x58c01b6a (rc=VINF_SUCCESS)
60523f4.1098: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
60623f4.1098: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
60723f4.1098: supR3HardNtChildPurify: Done after 562 ms and 0 fixes (loop #0).
60823f4.1098: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
6091384.1834: Log file opened: 5.1.16r113841 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
6101384.1834: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9e6fc0000 g_uNtVerCombined=0xa03fab00
61123f4.1098: supR3HardNtEnableThreadCreation:
6121384.1834: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS)
6131384.1834: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1966080 allocation)
6141384.1834: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
6151384.1834: System32: \Device\HarddiskVolume5\Windows\System32
6161384.1834: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
6171384.1834: KnownDllPath: C:\WINDOWS\System32
6181384.1834: supR3HardenedVmProcessInit: Opening vboxdrv...
6191384.1834: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6201384.1834: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6211384.1834: Registered Dll notification callback with NTDLL.
6221384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
6231384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
6241384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
6251384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e37a0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
6261384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
6271384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
6281384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e69e0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
6291384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6301384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e69e0000 'C:\WINDOWS\System32\KERNEL32.DLL'
6311384.1834: supR3HardenedDllNotificationCallback: load 00007ff6f5900000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
6321384.1834: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6331384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
6341384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
6351384.1834: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9e70391b0 pvNtTerminateThread=00007ff9e7060890
63623f4.1098: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 138 ms.
6371384.1834: \SystemRoot\System32\ntdll.dll:
6381384.1834: CreationTime: 2017-12-08T05:17:44.303593300Z
6391384.1834: LastWriteTime: 2017-12-08T05:17:44.469672500Z
6401384.1834: ChangeTime: 2017-12-13T10:17:11.337894700Z
6411384.1834: FileAttributes: 0x20
6421384.1834: Size: 0x1dd100
6431384.1834: NT Headers: 0xe0
6441384.1834: Timestamp: 0x493793ea
6451384.1834: Machine: 0x8664 - amd64
6461384.1834: Timestamp: 0x493793ea
6471384.1834: Image Version: 10.0
6481384.1834: SizeOfImage: 0x1e0000 (1966080)
6491384.1834: Resource Dir: 0x174000 LB 0x6a1d8
6501384.1834: ProductName: Microsoft® Windows® Operating System
6511384.1834: ProductVersion: 10.0.16299.64
6521384.1834: FileVersion: 10.0.16299.64 (WinBuild.160101.0800)
6531384.1834: FileDescription: NT Layer DLL
6541384.1834: \SystemRoot\System32\kernel32.dll:
6551384.1834: CreationTime: 2017-09-29T13:42:04.954227600Z
6561384.1834: LastWriteTime: 2017-09-29T13:42:04.954227600Z
6571384.1834: ChangeTime: 2017-12-08T20:50:27.463795300Z
6581384.1834: FileAttributes: 0x20
6591384.1834: Size: 0xab868
6601384.1834: NT Headers: 0xe8
6611384.1834: Timestamp: 0xc2cf900
6621384.1834: Machine: 0x8664 - amd64
6631384.1834: Timestamp: 0xc2cf900
6641384.1834: Image Version: 10.0
6651384.1834: SizeOfImage: 0xae000 (712704)
6661384.1834: Resource Dir: 0xac000 LB 0x520
6671384.1834: ProductName: Microsoft® Windows® Operating System
6681384.1834: ProductVersion: 10.0.16299.15
6691384.1834: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
6701384.1834: FileDescription: Windows NT BASE API Client DLL
6711384.1834: \SystemRoot\System32\KernelBase.dll:
6721384.1834: CreationTime: 2017-09-29T13:41:43.124345500Z
6731384.1834: LastWriteTime: 2017-09-29T13:41:43.124345500Z
6741384.1834: ChangeTime: 2017-12-08T20:50:27.526272500Z
6751384.1834: FileAttributes: 0x20
6761384.1834: Size: 0x266000
6771384.1834: NT Headers: 0xf0
6781384.1834: Timestamp: 0x4736733c
6791384.1834: Machine: 0x8664 - amd64
6801384.1834: Timestamp: 0x4736733c
6811384.1834: Image Version: 10.0
6821384.1834: SizeOfImage: 0x266000 (2514944)
6831384.1834: Resource Dir: 0x245000 LB 0x548
6841384.1834: ProductName: Microsoft® Windows® Operating System
6851384.1834: ProductVersion: 10.0.16299.15
6861384.1834: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
6871384.1834: FileDescription: Windows NT BASE API Client DLL
6881384.1834: \SystemRoot\System32\apisetschema.dll:
6891384.1834: CreationTime: 2017-09-29T13:42:07.095026600Z
6901384.1834: LastWriteTime: 2017-09-29T13:42:07.095026600Z
6911384.1834: ChangeTime: 2017-12-15T12:18:23.281148200Z
6921384.1834: FileAttributes: 0x20
6931384.1834: Size: 0x1b398
6941384.1834: NT Headers: 0xc8
6951384.1834: Timestamp: 0xf30abf31
6961384.1834: Machine: 0x8664 - amd64
6971384.1834: Timestamp: 0xf30abf31
6981384.1834: Image Version: 10.0
6991384.1834: SizeOfImage: 0x1c000 (114688)
7001384.1834: Resource Dir: 0x1b000 LB 0x408
7011384.1834: ProductName: Microsoft® Windows® Operating System
7021384.1834: ProductVersion: 10.0.16299.15
7031384.1834: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
7041384.1834: FileDescription: ApiSet Schema DLL
7051384.1834: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7061384.1834: supR3HardenedWinFindAdversaries: 0x4
7071384.1834: \SystemRoot\System32\drivers\aswHwid.sys:
7081384.1834: CreationTime: 2017-12-08T05:32:36.270047300Z
7091384.1834: LastWriteTime: 2017-12-23T03:42:57.586447300Z
7101384.1834: ChangeTime: 2017-12-23T03:43:17.933620400Z
7111384.1834: FileAttributes: 0x20
7121384.1834: Size: 0xb780
7131384.1834: NT Headers: 0xe8
7141384.1834: Timestamp: 0x5a3021aa
7151384.1834: Machine: 0x8664 - amd64
7161384.1834: Timestamp: 0x5a3021aa
7171384.1834: Image Version: 6.0
7181384.1834: SizeOfImage: 0xa000 (40960)
7191384.1834: Resource Dir: 0x8000 LB 0x388
7201384.1834: ProductName: Avast Antivirus
7211384.1834: ProductVersion: 17.9.3754.0
7221384.1834: FileVersion: 17.9.3754.0
7231384.1834: FileDescription: Avast HWID
7241384.1834: \SystemRoot\System32\drivers\aswMonFlt.sys:
7251384.1834: CreationTime: 2017-12-08T05:32:36.294165700Z
7261384.1834: LastWriteTime: 2017-12-23T03:42:57.639240800Z
7271384.1834: ChangeTime: 2017-12-23T03:43:17.933620400Z
7281384.1834: FileAttributes: 0x20
7291384.1834: Size: 0x23ce8
7301384.1834: NT Headers: 0xf0
7311384.1834: Timestamp: 0x5a30243f
7321384.1834: Machine: 0x8664 - amd64
7331384.1834: Timestamp: 0x5a30243f
7341384.1834: Image Version: 6.0
7351384.1834: SizeOfImage: 0x27000 (159744)
7361384.1834: Resource Dir: 0x25000 LB 0x3b0
7371384.1834: ProductName: Avast Antivirus
7381384.1834: ProductVersion: 17.9.3754.0
7391384.1834: FileVersion: 17.9.3754.0
7401384.1834: FileDescription: Avast File System Minifilter for Windows 2003/Vista
7411384.1834: \SystemRoot\System32\drivers\aswRdr2.sys:
7421384.1834: CreationTime: 2017-12-08T05:32:36.312766900Z
7431384.1834: LastWriteTime: 2017-12-23T03:42:56.985959700Z
7441384.1834: ChangeTime: 2017-12-23T03:43:17.934120300Z
7451384.1834: FileAttributes: 0x20
7461384.1834: Size: 0x1af00
7471384.1834: NT Headers: 0xf0
7481384.1834: Timestamp: 0x5a3021c2
7491384.1834: Machine: 0x8664 - amd64
7501384.1834: Timestamp: 0x5a3021c2
7511384.1834: Image Version: 6.1
7521384.1834: SizeOfImage: 0x1a000 (106496)
7531384.1834: Resource Dir: 0x18000 LB 0x398
7541384.1834: ProductName: Avast Antivirus
7551384.1834: ProductVersion: 17.9.3754.0
7561384.1834: FileVersion: 17.9.3754.0 built by: WinDDK
7571384.1834: FileDescription: Avast WFP Redirect Driver
7581384.1834: \SystemRoot\System32\drivers\aswRvrt.sys:
7591384.1834: CreationTime: 2017-12-08T05:32:36.317839300Z
7601384.1834: LastWriteTime: 2017-12-23T03:42:57.709545000Z
7611384.1834: ChangeTime: 2017-12-23T03:43:17.934120300Z
7621384.1834: FileAttributes: 0x20
7631384.1834: Size: 0x149a0
7641384.1834: NT Headers: 0xf0
7651384.1834: Timestamp: 0x5a3021ae
7661384.1834: Machine: 0x8664 - amd64
7671384.1834: Timestamp: 0x5a3021ae
7681384.1834: Image Version: 6.0
7691384.1834: SizeOfImage: 0x13000 (77824)
7701384.1834: Resource Dir: 0x11000 LB 0x388
7711384.1834: ProductName: Avast Antivirus
7721384.1834: ProductVersion: 17.9.3754.0
7731384.1834: FileVersion: 17.9.3754.0
7741384.1834: FileDescription: Avast Revert
7751384.1834: \SystemRoot\System32\drivers\aswSnx.sys:
7761384.1834: CreationTime: 2017-12-08T05:32:36.322844100Z
7771384.1834: LastWriteTime: 2017-12-23T03:42:33.853316300Z
7781384.1834: ChangeTime: 2017-12-23T03:43:17.934120300Z
7791384.1834: FileAttributes: 0x20
7801384.1834: Size: 0xfa498
7811384.1834: NT Headers: 0xe8
7821384.1834: Timestamp: 0x5a3021c6
7831384.1834: Machine: 0x8664 - amd64
7841384.1834: Timestamp: 0x5a3021c6
7851384.1834: Image Version: 6.0
7861384.1834: SizeOfImage: 0xf8000 (1015808)
7871384.1834: Resource Dir: 0xf0000 LB 0x378
7881384.1834: ProductName: Avast Antivirus
7891384.1834: ProductVersion: 17.9.3754.0
7901384.1834: FileVersion: 17.9.3754.0
7911384.1834: FileDescription: Avast Virtualization Driver
7921384.1834: \SystemRoot\System32\drivers\aswsp.sys:
7931384.1834: CreationTime: 2017-12-08T05:32:36.343755500Z
7941384.1834: LastWriteTime: 2017-12-23T03:42:57.777401300Z
7951384.1834: ChangeTime: 2017-12-23T03:43:17.934120300Z
7961384.1834: FileAttributes: 0x20
7971384.1834: Size: 0x6fab8
7981384.1834: NT Headers: 0xe0
7991384.1834: Timestamp: 0x5a302454
8001384.1834: Machine: 0x8664 - amd64
8011384.1834: Timestamp: 0x5a302454
8021384.1834: Image Version: 6.0
8031384.1834: SizeOfImage: 0x71000 (462848)
8041384.1834: Resource Dir: 0x6f000 LB 0x370
8051384.1834: ProductName: Avast Antivirus
8061384.1834: ProductVersion: 17.9.3754.0
8071384.1834: FileVersion: 17.9.3754.0
8081384.1834: FileDescription: Avast self protection module
8091384.1834: \SystemRoot\System32\drivers\aswStm.sys:
8101384.1834: CreationTime: 2017-12-08T05:32:36.348709000Z
8111384.1834: LastWriteTime: 2017-12-23T03:42:58.232601100Z
8121384.1834: ChangeTime: 2017-12-23T03:43:17.934120300Z
8131384.1834: FileAttributes: 0x20
8141384.1834: Size: 0x31ea8
8151384.1834: NT Headers: 0x110
8161384.1834: Timestamp: 0x5a302650
8171384.1834: Machine: 0x8664 - amd64
8181384.1834: Timestamp: 0x5a302650
8191384.1834: Image Version: 10.0
8201384.1834: SizeOfImage: 0x32000 (204800)
8211384.1834: Resource Dir: 0x30000 LB 0x350
8221384.1834: ProductName: Avast Antivirus
8231384.1834: ProductVersion: 17.9.3754.0
8241384.1834: FileVersion: 17.9.3754.0
8251384.1834: FileDescription: Stream Filter
8261384.1834: \SystemRoot\System32\drivers\aswVmm.sys:
8271384.1834: CreationTime: 2017-12-08T05:32:36.353213500Z
8281384.1834: LastWriteTime: 2017-12-23T03:42:57.853282500Z
8291384.1834: ChangeTime: 2017-12-23T03:43:17.934620700Z
8301384.1834: FileAttributes: 0x20
8311384.1834: Size: 0x57910
8321384.1834: NT Headers: 0xf0
8331384.1834: Timestamp: 0x5a302442
8341384.1834: Machine: 0x8664 - amd64
8351384.1834: Timestamp: 0x5a302442
8361384.1834: Image Version: 6.0
8371384.1834: SizeOfImage: 0x55000 (348160)
8381384.1834: Resource Dir: 0x52000 LB 0x390
8391384.1834: ProductName: Avast Antivirus
8401384.1834: ProductVersion: 17.9.3754.0
8411384.1834: FileVersion: 17.9.3754.0
8421384.1834: FileDescription: Avast VM Monitor
8431384.1834: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
8441384.1834: Calling main()
8451384.1834: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
8461384.1834: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
8471384.1834: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8481384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8491384.1834: SUPR3HardenedMain: Final process, opening VBoxDrv...
8501384.1834: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
8511384.1834: supR3HardNtEnableThreadCreation:
8521384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
8531384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
8541384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8551384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8561384.1834: supR3HardenedDllNotificationCallback: load 00007ff9de490000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
8571384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8581384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8591384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8601384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9de490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8611384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8621384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8631384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9de490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8641384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9de490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8651384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8661384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
8671384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
8681384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
8691384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wintrust.dll)
8701384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wintrust.dll
8711384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8721384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8731384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll)
8741384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
8751384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8761384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8771384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
8781384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\crypt32.dll)
8791384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\crypt32.dll
8801384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8811384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8821384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msasn1.dll)
8831384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msasn1.dll
8841384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8851384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8861384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll)
8871384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
8881384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8891384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8901384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8911384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8921384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e6a90000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
8931384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8941384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e33a0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
8951384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8961384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e33e0000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
8971384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ucrtbase.dll)
8981384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ucrtbase.dll
8991384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e3530000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
9001384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9011384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e6420000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
9021384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9031384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e6550000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
9041384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
9051384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
9061384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
9071384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e45a0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
9081384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9091384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
9101384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
9111384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll)
9121384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll
9131384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e4160000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
9141384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9151384.1834: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9161384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e37a0000 'api-ms-win-core-synch-l1-2-0'
9171384.1834: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9181384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e37a0000 'api-ms-win-core-fibers-l1-1-1'
9191384.1834: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9201384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e37a0000 'api-ms-win-core-fibers-l1-1-1'
9211384.1834: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9221384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e37a0000 'api-ms-win-core-synch-l1-2-0'
9231384.1834: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9241384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e37a0000 'api-ms-win-core-localization-l1-2-1'
9251384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\WINDOWS\system32\Wintrust.dll'
9261384.1834: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll)
9271384.1834: Error (rc=0):
9281384.1834: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll: Grown load config (244 to 256 bytes) includes non-zero bytes: 00 00 00 00 60 a9 01 80 01 00 00 00
9291384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
9301384.1834: Error (rc=0):
9311384.1834: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\bcrypt.dll' (C:\WINDOWS\system32\bcrypt.dll): rcNt=0xc0000190
9321384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\bcrypt.dll'
9331384.1834: Warning! Failed to load bcrypt.dll
9341384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9351384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9361384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9371384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9381384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
9391384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
9401384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust]
9411384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9421384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9431384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9441384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9451384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9461384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9471384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9481384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL'
9491384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9501384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9511384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL'
9521384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9531384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9541384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL'
9551384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9561384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9571384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL'
9581384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9591384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9601384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL'
9611384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9621384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9631384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL'
9641384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9651384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9661384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL'
9671384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptsp.dll)
9681384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptsp.dll
9691384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e2d60000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
9701384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9711384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
9721384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rsaenh.dll)
9731384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
9741384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
9751384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
9761384.1834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9771384.1834: Error (rc=0):
9781384.1834: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
9791384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9801384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9811384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9821384.1834: Error (rc=0):
9831384.1834: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x10 fAccess=0xf cHits=2 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
9841384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\rsaenh.dll'
9851384.1834: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe'
9861384.1834: Error -22919 in VirtualBox! (enmWhat=1)
9871384.1834: WinVerifyTrust failed on stub executable: WinVerifyTrust failed with hrc=Unknown Status 0x8 on '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe'
9881384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9891384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9901384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9911384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9921384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
9931384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
9941384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
9951384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
9961384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
9971384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9981384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
9991384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
10001384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
10011384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
10021384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
10031384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll)
10041384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
10051384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
10061384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
10071384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
10081384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
10091384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmm.dll)
10101384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmm.dll
10111384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10121384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10131384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
10141384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
10151384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
10161384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll)
10171384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
10181384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
10191384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
10201384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
10211384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
10221384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
10231384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
10241384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll)
10251384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll
10261384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10271384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10281384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10291384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
10301384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
10311384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll)
10321384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll
10331384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10341384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10351384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10361384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10371384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10381384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10391384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
10401384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll)
10411384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll
10421384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
10431384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
10441384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
10451384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
10461384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
10471384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
10481384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll)
10491384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
10501384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
10511384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
10521384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
10531384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10541384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
10551384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
10561384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
10571384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
10581384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
10591384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
10601384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll)
10611384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
10621384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
10631384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
10641384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
10651384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10661384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
10671384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
10681384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
10691384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
10701384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
10711384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
10721384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
10731384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
10741384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
10751384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
10761384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
10771384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
10781384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
10791384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
10801384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
10811384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
10821384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
10831384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
10841384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
10851384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
10861384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10871384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
10881384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
10891384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
10901384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10911384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
10921384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
10931384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
10941384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
10951384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
10961384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10971384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10981384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll)
10991384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
11001384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11011384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11021384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11031384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll)
11041384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
11051384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
11061384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
11071384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11081384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11091384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
11101384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
11111384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll)
11121384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
11131384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
11141384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
11151384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11161384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
11171384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
11181384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
11191384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
11201384.1834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\opengl32.dll)
11211384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\opengl32.dll
11221384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
11231384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
11241384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11251384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11261384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
11271384.1834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\glu32.dll)
11281384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\glu32.dll
11291384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11301384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11311384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll)
11321384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll
11331384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11341384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11351384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
11361384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11371384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11381384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11391384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11401384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11411384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11421384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11431384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11441384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11451384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11461384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11471384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
11481384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll)
11491384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
11501384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11511384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11521384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust]
11531384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11541384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11551384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11561384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11571384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11581384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11591384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11601384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11611384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11621384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11631384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11641384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust]
11651384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
11661384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
11671384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\mpr.dll)
11681384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\mpr.dll
11691384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11701384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11711384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
11721384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11731384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11741384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11751384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11761384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11771384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll [lacks WinVerifyTrust]
11781384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11791384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11801384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust]
11811384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11821384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11831384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
11841384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11851384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11861384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11871384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11881384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11891384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust]
11901384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11911384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11921384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11931384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11941384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11951384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
11961384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11971384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11981384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11991384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12001384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12011384.1834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
12021384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12031384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12041384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll [lacks WinVerifyTrust]
12051384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12061384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12071384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12081384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12091384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12101384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust]
12111384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12121384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12131384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust]
12141384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12151384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12161384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12171384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12181384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12191384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12201384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12211384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12221384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
12231384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12241384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12251384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12261384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12271384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12281384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12291384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
12301384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
12311384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12321384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
12331384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'shlwapi.dll'.
12341384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
12351384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'comctl32.dll'.
12361384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'shell32.dll'.
12371384.1834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\comdlg32.dll)
12381384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
12391384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
12401384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
12411384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12421384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'.
12431384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'.
12441384.1834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\winspool.drv)
12451384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winspool.drv
12461384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12471384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12481384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12491384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12501384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12511384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12521384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12531384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12541384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
12551384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12561384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12571384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
12581384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12591384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12601384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12611384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12621384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12631384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12641384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12651384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12661384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12671384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12681384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12691384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12701384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12711384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12721384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
12731384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12741384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12751384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12761384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
12771384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
12781384.1834: '\Device\HarddiskVolume5\Windows\System32\win32u.dll' has no imports
12791384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\win32u.dll)
12801384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\win32u.dll
12811384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12821384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12831384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12841384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12851384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12861384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
12871384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12881384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12891384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12901384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12911384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12921384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
12931384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
12941384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll)
12951384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll
12961384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12971384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12981384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
12991384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13001384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13011384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13021384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13031384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13041384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13051384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13061384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13071384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13081384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13091384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13101384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
13111384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
13121384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
13131384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll)
13141384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
13151384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13161384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13171384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13181384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
13191384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
13201384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13211384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmmbase.dll)
13221384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmmbase.dll
13231384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13241384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13251384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13261384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
13271384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
13281384.1834: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll)
13291384.1834: Error (rc=0):
13301384.1834: supR3HardenedScreenImage/Imports: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll: Grown load config (244 to 256 bytes) includes non-zero bytes: 00 00 00 00 40 16 06 80 01 00 00 00
13311384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll
13321384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13331384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13341384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13351384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13361384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13371384.1834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
13381384.1834: Error (rc=0):
13391384.1834: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
13401384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
13411384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
13421384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL)
13431384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
13441384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13451384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13461384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13471384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13481384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13491384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust]
13501384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
13511384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
13521384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
13531384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13541384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13551384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comctl32.dll)
13561384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comctl32.dll
13571384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13581384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13591384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13601384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13611384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13621384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13631384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
13641384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
13651384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll)
13661384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
13671384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13681384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13691384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
13701384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13711384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13721384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13731384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13741384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13751384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13761384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13771384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13781384.1834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
13791384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13801384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13811384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
13821384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13831384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13841384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13851384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13861384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13871384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
13881384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13891384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13901384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13911384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13921384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13931384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13941384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13951384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13961384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
13971384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13981384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13991384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14001384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14011384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14021384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
14031384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14041384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll [lacks WinVerifyTrust]
14051384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
14061384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust]
14071384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust]
14081384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14091384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14101384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14111384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
14121384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [lacks WinVerifyTrust]
14131384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [lacks WinVerifyTrust]
14141384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll [lacks WinVerifyTrust]
14151384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [lacks WinVerifyTrust]
14161384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mpr.dll [lacks WinVerifyTrust]
14171384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [lacks WinVerifyTrust]
14181384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14191384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14201384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14211384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.125_none_88782a244abc4c60\comctl32.dll)
14221384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.125_none_88782a244abc4c60\comctl32.dll
14231384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmmbase.dll [lacks WinVerifyTrust]
14241384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust]
14251384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
14261384.1834: Error (rc=0):
14271384.1834: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x10 fAccess=0xf cHits=4 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
14281384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
142923f4.1098: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1736 ms, the end);
14301b70.1ad4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2577 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy