141c.27ac: Log file opened: 5.1.16r113841 g_hStartupLog=000000000000006c g_uNtVerCombined=0xa03fab00 141c.27ac: \SystemRoot\System32\ntdll.dll: 141c.27ac: CreationTime: 2017-12-08T05:17:44.303593300Z 141c.27ac: LastWriteTime: 2017-12-08T05:17:44.469672500Z 141c.27ac: ChangeTime: 2017-12-13T10:17:11.337894700Z 141c.27ac: FileAttributes: 0x20 141c.27ac: Size: 0x1dd100 141c.27ac: NT Headers: 0xe0 141c.27ac: Timestamp: 0x493793ea 141c.27ac: Machine: 0x8664 - amd64 141c.27ac: Timestamp: 0x493793ea 141c.27ac: Image Version: 10.0 141c.27ac: SizeOfImage: 0x1e0000 (1966080) 141c.27ac: Resource Dir: 0x174000 LB 0x6a1d8 141c.27ac: ProductName: Microsoft® Windows® Operating System 141c.27ac: ProductVersion: 10.0.16299.64 141c.27ac: FileVersion: 10.0.16299.64 (WinBuild.160101.0800) 141c.27ac: FileDescription: NT Layer DLL 141c.27ac: \SystemRoot\System32\kernel32.dll: 141c.27ac: CreationTime: 2017-09-29T13:42:04.954227600Z 141c.27ac: LastWriteTime: 2017-09-29T13:42:04.954227600Z 141c.27ac: ChangeTime: 2017-12-08T20:50:27.463795300Z 141c.27ac: FileAttributes: 0x20 141c.27ac: Size: 0xab868 141c.27ac: NT Headers: 0xe8 141c.27ac: Timestamp: 0xc2cf900 141c.27ac: Machine: 0x8664 - amd64 141c.27ac: Timestamp: 0xc2cf900 141c.27ac: Image Version: 10.0 141c.27ac: SizeOfImage: 0xae000 (712704) 141c.27ac: Resource Dir: 0xac000 LB 0x520 141c.27ac: ProductName: Microsoft® Windows® Operating System 141c.27ac: ProductVersion: 10.0.16299.15 141c.27ac: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 141c.27ac: FileDescription: Windows NT BASE API Client DLL 141c.27ac: \SystemRoot\System32\KernelBase.dll: 141c.27ac: CreationTime: 2017-09-29T13:41:43.124345500Z 141c.27ac: LastWriteTime: 2017-09-29T13:41:43.124345500Z 141c.27ac: ChangeTime: 2017-12-08T20:50:27.526272500Z 141c.27ac: FileAttributes: 0x20 141c.27ac: Size: 0x266000 141c.27ac: NT Headers: 0xf0 141c.27ac: Timestamp: 0x4736733c 141c.27ac: Machine: 0x8664 - amd64 141c.27ac: Timestamp: 0x4736733c 141c.27ac: Image Version: 10.0 141c.27ac: SizeOfImage: 0x266000 (2514944) 141c.27ac: Resource Dir: 0x245000 LB 0x548 141c.27ac: ProductName: Microsoft® Windows® Operating System 141c.27ac: ProductVersion: 10.0.16299.15 141c.27ac: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 141c.27ac: FileDescription: Windows NT BASE API Client DLL 141c.27ac: \SystemRoot\System32\apisetschema.dll: 141c.27ac: CreationTime: 2017-09-29T13:42:07.095026600Z 141c.27ac: LastWriteTime: 2017-09-29T13:42:07.095026600Z 141c.27ac: ChangeTime: 2017-12-15T12:18:23.281148200Z 141c.27ac: FileAttributes: 0x20 141c.27ac: Size: 0x1b398 141c.27ac: NT Headers: 0xc8 141c.27ac: Timestamp: 0xf30abf31 141c.27ac: Machine: 0x8664 - amd64 141c.27ac: Timestamp: 0xf30abf31 141c.27ac: Image Version: 10.0 141c.27ac: SizeOfImage: 0x1c000 (114688) 141c.27ac: Resource Dir: 0x1b000 LB 0x408 141c.27ac: ProductName: Microsoft® Windows® Operating System 141c.27ac: ProductVersion: 10.0.16299.15 141c.27ac: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 141c.27ac: FileDescription: ApiSet Schema DLL 141c.27ac: NtOpenDirectoryObject failed on \Driver: 0xc0000022 141c.27ac: supR3HardenedWinFindAdversaries: 0x0 141c.27ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 141c.27ac: Calling main() 141c.27ac: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 141c.27ac: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 141c.27ac: SUPR3HardenedMain: Respawn #1 141c.27ac: System32: \Device\HarddiskVolume5\Windows\System32 141c.27ac: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 141c.27ac: KnownDllPath: C:\WINDOWS\System32 141c.27ac: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 141c.27ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 141c.27ac: supR3HardNtEnableThreadCreation: 141c.27ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb826591b0 pvNtTerminateThread=00007ffb82680890 141c.27ac: supR3HardenedWinDoReSpawn(1): New child 17d4.1dc [kernel32]. 141c.27ac: supR3HardNtChildGatherData: PebBaseAddress=0000000000549000 cbPeb=0x388 141c.27ac: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb825e0000 uNtDllChildAddr=00007ffb825e0000 141c.27ac: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb826591b0 141c.27ac: supR3HardenedWinSetupChildInit: Start child. 141c.27ac: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 141c.27ac: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 32 sleeps 141c.27ac: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 141c.27ac: *0000000000000000-ffffffffffd5ffff 0x0001/0x0000 0x0000000 141c.27ac: *00000000002a0000-000000000027ffff 0x0004/0x0004 0x0020000 141c.27ac: *00000000002c0000-00000000002a6fff 0x0002/0x0002 0x0040000 141c.27ac: 00000000002d9000-00000000002d1fff 0x0001/0x0000 0x0000000 141c.27ac: *00000000002e0000-00000000001e4fff 0x0000/0x0004 0x0020000 141c.27ac: 00000000003db000-00000000003d7fff 0x0104/0x0004 0x0020000 141c.27ac: 00000000003de000-00000000003dbfff 0x0004/0x0004 0x0020000 141c.27ac: *00000000003e0000-00000000003dbfff 0x0002/0x0002 0x0040000 141c.27ac: 00000000003e4000-00000000003d7fff 0x0001/0x0000 0x0000000 141c.27ac: *00000000003f0000-00000000003eefff 0x0004/0x0004 0x0020000 141c.27ac: 00000000003f1000-00000000003e1fff 0x0001/0x0000 0x0000000 141c.27ac: *0000000000400000-00000000002b6fff 0x0000/0x0004 0x0020000 141c.27ac: 0000000000549000-0000000000545fff 0x0004/0x0004 0x0020000 141c.27ac: 000000000054c000-0000000000497fff 0x0000/0x0004 0x0020000 141c.27ac: 0000000000600000-ffffffff80c1ffff 0x0001/0x0000 0x0000000 141c.27ac: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 141c.27ac: *000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 141c.27ac: 000000007fff0000-ffff800a011effff 0x0001/0x0000 0x0000000 141c.27ac: *00007ff6fedf0000-00007ff6fedccfff 0x0002/0x0002 0x0040000 141c.27ac: 00007ff6fee13000-00007ff6fe6c5fff 0x0001/0x0000 0x0000000 141c.27ac: *00007ff6ff560000-00007ff6ff560fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 141c.27ac: 00007ff6ff561000-00007ff6ff5cffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 141c.27ac: 00007ff6ff5d0000-00007ff6ff5d0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 141c.27ac: 00007ff6ff5d1000-00007ff6ff615fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 141c.27ac: 00007ff6ff616000-00007ff6ff616fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 141c.27ac: 00007ff6ff617000-00007ff6ff617fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 141c.27ac: 00007ff6ff618000-00007ff6ff61cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 141c.27ac: 00007ff6ff61d000-00007ff6ff61dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 141c.27ac: 00007ff6ff61e000-00007ff6ff61efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 141c.27ac: 00007ff6ff61f000-00007ff6ff622fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 141c.27ac: 00007ff6ff623000-00007ff6ff66afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 141c.27ac: 00007ff6ff66b000-00007ff27c6f5fff 0x0001/0x0000 0x0000000 141c.27ac: *00007ffb825e0000-00007ffb825e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 141c.27ac: 00007ffb825e1000-00007ffb826f2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 141c.27ac: 00007ffb826f3000-00007ffb82738fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 141c.27ac: 00007ffb82739000-00007ffb82740fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 141c.27ac: 00007ffb82741000-00007ffb8274efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 141c.27ac: 00007ffb8274f000-00007ffb8274ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 141c.27ac: 00007ffb82750000-00007ffb82752fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 141c.27ac: 00007ffb82753000-00007ffb827bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 141c.27ac: 00007ffb827c0000-00007ff704f9ffff 0x0001/0x0000 0x0000000 141c.27ac: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 141c.27ac: VirtualBox.exe: timestamp 0x58c01b6a (rc=VINF_SUCCESS) 141c.27ac: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 141c.27ac: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 141c.27ac: supR3HardNtChildPurify: Done after 317 ms and 0 fixes (loop #0). 17d4.1dc: Log file opened: 5.1.16r113841 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00 17d4.1dc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb825e0000 g_uNtVerCombined=0xa03fab00 17d4.1dc: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS) 17d4.1dc: New simple heap: #1 0000000000700000 LB 0x400000 (for 1966080 allocation) 141c.27ac: supR3HardNtEnableThreadCreation: 17d4.1dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 17d4.1dc: System32: \Device\HarddiskVolume5\Windows\System32 17d4.1dc: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 17d4.1dc: KnownDllPath: C:\WINDOWS\System32 17d4.1dc: supR3HardenedVmProcessInit: Opening vboxdrv stub... 17d4.1dc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 17d4.1dc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 17d4.1dc: Registered Dll notification callback with NTDLL. 17d4.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 17d4.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll 17d4.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 17d4.1dc: supR3HardenedDllNotificationCallback: load 00007ffb7f6a0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 17d4.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 17d4.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 17d4.1dc: supR3HardenedDllNotificationCallback: load 00007ffb81b70000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 17d4.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 17d4.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb81b70000 'C:\WINDOWS\System32\KERNEL32.DLL' 17d4.1dc: supR3HardenedDllNotificationCallback: load 00007ff6ff560000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 17d4.1dc: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 17d4.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 17d4.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb826591b0 pvNtTerminateThread=00007ffb82680890 141c.27ac: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 136 ms. 17d4.1dc: \SystemRoot\System32\ntdll.dll: 17d4.1dc: CreationTime: 2017-12-08T05:17:44.303593300Z 17d4.1dc: LastWriteTime: 2017-12-08T05:17:44.469672500Z 17d4.1dc: ChangeTime: 2017-12-13T10:17:11.337894700Z 17d4.1dc: FileAttributes: 0x20 17d4.1dc: Size: 0x1dd100 17d4.1dc: NT Headers: 0xe0 17d4.1dc: Timestamp: 0x493793ea 17d4.1dc: Machine: 0x8664 - amd64 17d4.1dc: Timestamp: 0x493793ea 17d4.1dc: Image Version: 10.0 17d4.1dc: SizeOfImage: 0x1e0000 (1966080) 17d4.1dc: Resource Dir: 0x174000 LB 0x6a1d8 17d4.1dc: ProductName: Microsoft® Windows® Operating System 17d4.1dc: ProductVersion: 10.0.16299.64 17d4.1dc: FileVersion: 10.0.16299.64 (WinBuild.160101.0800) 17d4.1dc: FileDescription: NT Layer DLL 17d4.1dc: \SystemRoot\System32\kernel32.dll: 17d4.1dc: CreationTime: 2017-09-29T13:42:04.954227600Z 17d4.1dc: LastWriteTime: 2017-09-29T13:42:04.954227600Z 17d4.1dc: ChangeTime: 2017-12-08T20:50:27.463795300Z 17d4.1dc: FileAttributes: 0x20 17d4.1dc: Size: 0xab868 17d4.1dc: NT Headers: 0xe8 17d4.1dc: Timestamp: 0xc2cf900 17d4.1dc: Machine: 0x8664 - amd64 17d4.1dc: Timestamp: 0xc2cf900 17d4.1dc: Image Version: 10.0 17d4.1dc: SizeOfImage: 0xae000 (712704) 17d4.1dc: Resource Dir: 0xac000 LB 0x520 17d4.1dc: ProductName: Microsoft® Windows® Operating System 17d4.1dc: ProductVersion: 10.0.16299.15 17d4.1dc: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 17d4.1dc: FileDescription: Windows NT BASE API Client DLL 17d4.1dc: \SystemRoot\System32\KernelBase.dll: 17d4.1dc: CreationTime: 2017-09-29T13:41:43.124345500Z 17d4.1dc: LastWriteTime: 2017-09-29T13:41:43.124345500Z 17d4.1dc: ChangeTime: 2017-12-08T20:50:27.526272500Z 17d4.1dc: FileAttributes: 0x20 17d4.1dc: Size: 0x266000 17d4.1dc: NT Headers: 0xf0 17d4.1dc: Timestamp: 0x4736733c 17d4.1dc: Machine: 0x8664 - amd64 17d4.1dc: Timestamp: 0x4736733c 17d4.1dc: Image Version: 10.0 17d4.1dc: SizeOfImage: 0x266000 (2514944) 17d4.1dc: Resource Dir: 0x245000 LB 0x548 17d4.1dc: ProductName: Microsoft® Windows® Operating System 17d4.1dc: ProductVersion: 10.0.16299.15 17d4.1dc: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 17d4.1dc: FileDescription: Windows NT BASE API Client DLL 17d4.1dc: \SystemRoot\System32\apisetschema.dll: 17d4.1dc: CreationTime: 2017-09-29T13:42:07.095026600Z 17d4.1dc: LastWriteTime: 2017-09-29T13:42:07.095026600Z 17d4.1dc: ChangeTime: 2017-12-15T12:18:23.281148200Z 17d4.1dc: FileAttributes: 0x20 17d4.1dc: Size: 0x1b398 17d4.1dc: NT Headers: 0xc8 17d4.1dc: Timestamp: 0xf30abf31 17d4.1dc: Machine: 0x8664 - amd64 17d4.1dc: Timestamp: 0xf30abf31 17d4.1dc: Image Version: 10.0 17d4.1dc: SizeOfImage: 0x1c000 (114688) 17d4.1dc: Resource Dir: 0x1b000 LB 0x408 17d4.1dc: ProductName: Microsoft® Windows® Operating System 17d4.1dc: ProductVersion: 10.0.16299.15 17d4.1dc: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 17d4.1dc: FileDescription: ApiSet Schema DLL 17d4.1dc: NtOpenDirectoryObject failed on \Driver: 0xc0000022 17d4.1dc: supR3HardenedWinFindAdversaries: 0x0 17d4.1dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 17d4.1dc: Calling main() 17d4.1dc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 17d4.1dc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 17d4.1dc: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 17d4.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 17d4.1dc: SUPR3HardenedMain: Respawn #2 17d4.1dc: supR3HardNtEnableThreadCreation: 17d4.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 17d4.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 17d4.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 17d4.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll) 17d4.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll 17d4.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 17d4.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 17d4.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll) 17d4.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 17d4.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 17d4.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 17d4.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 17d4.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll) 17d4.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll 17d4.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 17d4.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 17d4.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll) 17d4.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 17d4.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 17d4.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 17d4.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 17d4.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000: [calling] 17d4.1dc: supR3HardenedDllNotificationCallback: load 00007ffb7fb00000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 17d4.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 17d4.1dc: supR3HardenedDllNotificationCallback: load 00007ffb81e80000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 17d4.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 17d4.1dc: supR3HardenedDllNotificationCallback: load 00007ffb81e10000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 17d4.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust] 17d4.1dc: supR3HardenedDllNotificationCallback: load 00007ffb81fa0000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0] 17d4.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 17d4.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb81fa0000 'C:\WINDOWS\System32\ADVAPI32.DLL' 17d4.1dc: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 17d4.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll) 17d4.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll 17d4.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 17d4.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb825e0000 'C:\WINDOWS\System32\ntdll.dll' 17d4.1dc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb826591b0 pvNtTerminateThread=00007ffb82680890 17d4.1dc: supR3HardenedWinDoReSpawn(2): New child 1e5c.2738 [kernel32]. 17d4.1dc: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 17d4.1dc: supR3HardNtChildGatherData: PebBaseAddress=00000000006c8000 cbPeb=0x388 17d4.1dc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb825e0000 uNtDllChildAddr=00007ffb825e0000 17d4.1dc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb826591b0 17d4.1dc: supR3HardenedWinSetupChildInit: Start child. 17d4.1dc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 17d4.1dc: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 32 sleeps 17d4.1dc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 17d4.1dc: *0000000000000000-ffffffffffa9ffff 0x0001/0x0000 0x0000000 17d4.1dc: *0000000000560000-000000000053ffff 0x0004/0x0004 0x0020000 17d4.1dc: *0000000000580000-0000000000566fff 0x0002/0x0002 0x0040000 17d4.1dc: 0000000000599000-0000000000591fff 0x0001/0x0000 0x0000000 17d4.1dc: *00000000005a0000-000000000059bfff 0x0002/0x0002 0x0040000 17d4.1dc: 00000000005a4000-0000000000597fff 0x0001/0x0000 0x0000000 17d4.1dc: *00000000005b0000-00000000005aefff 0x0004/0x0004 0x0020000 17d4.1dc: 00000000005b1000-0000000000561fff 0x0001/0x0000 0x0000000 17d4.1dc: *0000000000600000-0000000000537fff 0x0000/0x0004 0x0020000 17d4.1dc: 00000000006c8000-00000000006c4fff 0x0004/0x0004 0x0020000 17d4.1dc: 00000000006cb000-0000000000595fff 0x0000/0x0004 0x0020000 17d4.1dc: *0000000000800000-0000000000704fff 0x0000/0x0004 0x0020000 17d4.1dc: 00000000008fb000-00000000008f7fff 0x0104/0x0004 0x0020000 17d4.1dc: 00000000008fe000-00000000008fbfff 0x0004/0x0004 0x0020000 17d4.1dc: 0000000000900000-ffffffff8121ffff 0x0001/0x0000 0x0000000 17d4.1dc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 17d4.1dc: *000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 17d4.1dc: 000000007fff0000-ffff800a015affff 0x0001/0x0000 0x0000000 17d4.1dc: *00007ff6fea30000-00007ff6fea0cfff 0x0002/0x0002 0x0040000 17d4.1dc: 00007ff6fea53000-00007ff6fdf45fff 0x0001/0x0000 0x0000000 17d4.1dc: *00007ff6ff560000-00007ff6ff560fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: 00007ff6ff561000-00007ff6ff5cffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: 00007ff6ff5d0000-00007ff6ff5d0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: 00007ff6ff5d1000-00007ff6ff615fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: 00007ff6ff616000-00007ff6ff616fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: 00007ff6ff617000-00007ff6ff617fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: 00007ff6ff618000-00007ff6ff61cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: 00007ff6ff61d000-00007ff6ff61dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: 00007ff6ff61e000-00007ff6ff61efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: 00007ff6ff61f000-00007ff6ff622fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: 00007ff6ff623000-00007ff6ff66afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.1dc: 00007ff6ff66b000-00007ff27c6f5fff 0x0001/0x0000 0x0000000 17d4.1dc: *00007ffb825e0000-00007ffb825e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 17d4.1dc: 00007ffb825e1000-00007ffb826f2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 17d4.1dc: 00007ffb826f3000-00007ffb82738fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 17d4.1dc: 00007ffb82739000-00007ffb82740fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 17d4.1dc: 00007ffb82741000-00007ffb8274efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 17d4.1dc: 00007ffb8274f000-00007ffb8274ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 17d4.1dc: 00007ffb82750000-00007ffb82752fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 17d4.1dc: 00007ffb82753000-00007ffb827bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 17d4.1dc: 00007ffb827c0000-00007ff704f9ffff 0x0001/0x0000 0x0000000 17d4.1dc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 17d4.1dc: VirtualBox.exe: timestamp 0x58c01b6a (rc=VINF_SUCCESS) 17d4.1dc: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 17d4.1dc: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 17d4.1dc: supR3HardNtChildPurify: Done after 322 ms and 0 fixes (loop #0). 1e5c.2738: Log file opened: 5.1.16r113841 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00 1e5c.2738: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb825e0000 g_uNtVerCombined=0xa03fab00 1e5c.2738: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS) 1e5c.2738: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1966080 allocation) 17d4.1dc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000700000 LB 0x400000) 17d4.1dc: supR3HardNtEnableThreadCreation: 1e5c.2738: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 1e5c.2738: System32: \Device\HarddiskVolume5\Windows\System32 1e5c.2738: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 1e5c.2738: KnownDllPath: C:\WINDOWS\System32 1e5c.2738: supR3HardenedVmProcessInit: Opening vboxdrv... 1e5c.2738: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1e5c.2738: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1e5c.2738: Registered Dll notification callback with NTDLL. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb7f6a0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb81b70000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb81b70000 'C:\WINDOWS\System32\KERNEL32.DLL' 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ff6ff560000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 1e5c.2738: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e5c.2738: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb826591b0 pvNtTerminateThread=00007ffb82680890 17d4.1dc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 150 ms. 1e5c.2738: \SystemRoot\System32\ntdll.dll: 1e5c.2738: CreationTime: 2017-12-08T05:17:44.303593300Z 1e5c.2738: LastWriteTime: 2017-12-08T05:17:44.469672500Z 1e5c.2738: ChangeTime: 2017-12-13T10:17:11.337894700Z 1e5c.2738: FileAttributes: 0x20 1e5c.2738: Size: 0x1dd100 1e5c.2738: NT Headers: 0xe0 1e5c.2738: Timestamp: 0x493793ea 1e5c.2738: Machine: 0x8664 - amd64 1e5c.2738: Timestamp: 0x493793ea 1e5c.2738: Image Version: 10.0 1e5c.2738: SizeOfImage: 0x1e0000 (1966080) 1e5c.2738: Resource Dir: 0x174000 LB 0x6a1d8 1e5c.2738: ProductName: Microsoft® Windows® Operating System 1e5c.2738: ProductVersion: 10.0.16299.64 1e5c.2738: FileVersion: 10.0.16299.64 (WinBuild.160101.0800) 1e5c.2738: FileDescription: NT Layer DLL 1e5c.2738: \SystemRoot\System32\kernel32.dll: 1e5c.2738: CreationTime: 2017-09-29T13:42:04.954227600Z 1e5c.2738: LastWriteTime: 2017-09-29T13:42:04.954227600Z 1e5c.2738: ChangeTime: 2017-12-08T20:50:27.463795300Z 1e5c.2738: FileAttributes: 0x20 1e5c.2738: Size: 0xab868 1e5c.2738: NT Headers: 0xe8 1e5c.2738: Timestamp: 0xc2cf900 1e5c.2738: Machine: 0x8664 - amd64 1e5c.2738: Timestamp: 0xc2cf900 1e5c.2738: Image Version: 10.0 1e5c.2738: SizeOfImage: 0xae000 (712704) 1e5c.2738: Resource Dir: 0xac000 LB 0x520 1e5c.2738: ProductName: Microsoft® Windows® Operating System 1e5c.2738: ProductVersion: 10.0.16299.15 1e5c.2738: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 1e5c.2738: FileDescription: Windows NT BASE API Client DLL 1e5c.2738: \SystemRoot\System32\KernelBase.dll: 1e5c.2738: CreationTime: 2017-09-29T13:41:43.124345500Z 1e5c.2738: LastWriteTime: 2017-09-29T13:41:43.124345500Z 1e5c.2738: ChangeTime: 2017-12-08T20:50:27.526272500Z 1e5c.2738: FileAttributes: 0x20 1e5c.2738: Size: 0x266000 1e5c.2738: NT Headers: 0xf0 1e5c.2738: Timestamp: 0x4736733c 1e5c.2738: Machine: 0x8664 - amd64 1e5c.2738: Timestamp: 0x4736733c 1e5c.2738: Image Version: 10.0 1e5c.2738: SizeOfImage: 0x266000 (2514944) 1e5c.2738: Resource Dir: 0x245000 LB 0x548 1e5c.2738: ProductName: Microsoft® Windows® Operating System 1e5c.2738: ProductVersion: 10.0.16299.15 1e5c.2738: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 1e5c.2738: FileDescription: Windows NT BASE API Client DLL 1e5c.2738: \SystemRoot\System32\apisetschema.dll: 1e5c.2738: CreationTime: 2017-09-29T13:42:07.095026600Z 1e5c.2738: LastWriteTime: 2017-09-29T13:42:07.095026600Z 1e5c.2738: ChangeTime: 2017-12-15T12:18:23.281148200Z 1e5c.2738: FileAttributes: 0x20 1e5c.2738: Size: 0x1b398 1e5c.2738: NT Headers: 0xc8 1e5c.2738: Timestamp: 0xf30abf31 1e5c.2738: Machine: 0x8664 - amd64 1e5c.2738: Timestamp: 0xf30abf31 1e5c.2738: Image Version: 10.0 1e5c.2738: SizeOfImage: 0x1c000 (114688) 1e5c.2738: Resource Dir: 0x1b000 LB 0x408 1e5c.2738: ProductName: Microsoft® Windows® Operating System 1e5c.2738: ProductVersion: 10.0.16299.15 1e5c.2738: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 1e5c.2738: FileDescription: ApiSet Schema DLL 1e5c.2738: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1e5c.2738: supR3HardenedWinFindAdversaries: 0x0 1e5c.2738: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 1e5c.2738: Calling main() 1e5c.2738: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1e5c.2738: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 1e5c.2738: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1e5c.2738: SUPR3HardenedMain: Final process, opening VBoxDrv... 1e5c.2738: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000) 1e5c.2738: supR3HardNtEnableThreadCreation: 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb6fa20000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb6fa20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb6fa20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb6fa20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wintrust.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wintrust.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\crypt32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\crypt32.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msasn1.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msasn1.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb7fb00000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb7e970000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0] 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb7e9e0000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ucrtbase.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ucrtbase.dll 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb7f4d0000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0] 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb81e80000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb81e10000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb81fa0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb7ec80000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0] 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7f6a0000 'api-ms-win-core-synch-l1-2-0' 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7f6a0000 'api-ms-win-core-fibers-l1-1-1' 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7f6a0000 'api-ms-win-core-fibers-l1-1-1' 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7f6a0000 'api-ms-win-core-synch-l1-2-0' 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7f6a0000 'api-ms-win-core-localization-l1-2-1' 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ec80000 'C:\WINDOWS\system32\Wintrust.dll' 1e5c.2738: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll) 1e5c.2738: Error (rc=0): 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll: Grown load config (244 to 256 bytes) includes non-zero bytes: 00 00 00 00 60 a9 01 80 01 00 00 00 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 1e5c.2738: Error (rc=0): 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\bcrypt.dll' (C:\WINDOWS\system32\bcrypt.dll): rcNt=0xc0000190 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\bcrypt.dll' 1e5c.2738: Warning! Failed to load bcrypt.dll 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ec80000 'C:\Windows\System32\WINTRUST.DLL' 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ec80000 'C:\Windows\System32\WINTRUST.DLL' 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ec80000 'C:\Windows\System32\WINTRUST.DLL' 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ec80000 'C:\Windows\System32\WINTRUST.DLL' 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ec80000 'C:\Windows\System32\WINTRUST.DLL' 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ec80000 'C:\Windows\System32\WINTRUST.DLL' 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ec80000 'C:\Windows\System32\WINTRUST.DLL' 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptsp.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptsp.dll 1e5c.2738: supR3HardenedDllNotificationCallback: load 00007ffb7e380000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 1e5c.2738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rsaenh.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rsaenh.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1e5c.2738: Error (rc=0): 1e5c.2738: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1e5c.2738: Error (rc=0): 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x10 fAccess=0xf cHits=2 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\rsaenh.dll' 1e5c.2738: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 () on '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' 1e5c.2738: Error -22919 in VirtualBox! (enmWhat=1) 1e5c.2738: WinVerifyTrust failed on stub executable: WinVerifyTrust failed with hrc=Unknown Status 0x8 on '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmm.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmm.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\opengl32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\opengl32.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\glu32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\glu32.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\mpr.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\mpr.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'shlwapi.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'comctl32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'shell32.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\comdlg32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comdlg32.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\winspool.drv) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winspool.drv 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 1e5c.2738: '\Device\HarddiskVolume5\Windows\System32\win32u.dll' has no imports 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\win32u.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\win32u.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmmbase.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmmbase.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll) 1e5c.2738: Error (rc=0): 1e5c.2738: supR3HardenedScreenImage/Imports: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll: Grown load config (244 to 256 bytes) includes non-zero bytes: 00 00 00 00 40 16 06 80 01 00 00 00 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1e5c.2738: Error (rc=0): 1e5c.2738: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comctl32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comctl32.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1e5c.2738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1e5c.2738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mpr.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1e5c.2738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1e5c.2738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.125_none_88782a244abc4c60\comctl32.dll) 1e5c.2738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.125_none_88782a244abc4c60\comctl32.dll 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmmbase.dll [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust] 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1e5c.2738: Error (rc=0): 1e5c.2738: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x10 fAccess=0xf cHits=4 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 1e5c.2738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 17d4.1dc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1171 ms, the end); 141c.27ac: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1807 ms, the end);