1b70.1ad4: Log file opened: 5.1.16r113841 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03fab00 1b70.1ad4: \SystemRoot\System32\ntdll.dll: 1b70.1ad4: CreationTime: 2017-12-08T05:17:44.303593300Z 1b70.1ad4: LastWriteTime: 2017-12-08T05:17:44.469672500Z 1b70.1ad4: ChangeTime: 2017-12-13T10:17:11.337894700Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0x1dd100 1b70.1ad4: NT Headers: 0xe0 1b70.1ad4: Timestamp: 0x493793ea 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0x493793ea 1b70.1ad4: Image Version: 10.0 1b70.1ad4: SizeOfImage: 0x1e0000 (1966080) 1b70.1ad4: Resource Dir: 0x174000 LB 0x6a1d8 1b70.1ad4: ProductName: Microsoft® Windows® Operating System 1b70.1ad4: ProductVersion: 10.0.16299.64 1b70.1ad4: FileVersion: 10.0.16299.64 (WinBuild.160101.0800) 1b70.1ad4: FileDescription: NT Layer DLL 1b70.1ad4: \SystemRoot\System32\kernel32.dll: 1b70.1ad4: CreationTime: 2017-09-29T13:42:04.954227600Z 1b70.1ad4: LastWriteTime: 2017-09-29T13:42:04.954227600Z 1b70.1ad4: ChangeTime: 2017-12-08T20:50:27.463795300Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0xab868 1b70.1ad4: NT Headers: 0xe8 1b70.1ad4: Timestamp: 0xc2cf900 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0xc2cf900 1b70.1ad4: Image Version: 10.0 1b70.1ad4: SizeOfImage: 0xae000 (712704) 1b70.1ad4: Resource Dir: 0xac000 LB 0x520 1b70.1ad4: ProductName: Microsoft® Windows® Operating System 1b70.1ad4: ProductVersion: 10.0.16299.15 1b70.1ad4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 1b70.1ad4: FileDescription: Windows NT BASE API Client DLL 1b70.1ad4: \SystemRoot\System32\KernelBase.dll: 1b70.1ad4: CreationTime: 2017-09-29T13:41:43.124345500Z 1b70.1ad4: LastWriteTime: 2017-09-29T13:41:43.124345500Z 1b70.1ad4: ChangeTime: 2017-12-08T20:50:27.526272500Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0x266000 1b70.1ad4: NT Headers: 0xf0 1b70.1ad4: Timestamp: 0x4736733c 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0x4736733c 1b70.1ad4: Image Version: 10.0 1b70.1ad4: SizeOfImage: 0x266000 (2514944) 1b70.1ad4: Resource Dir: 0x245000 LB 0x548 1b70.1ad4: ProductName: Microsoft® Windows® Operating System 1b70.1ad4: ProductVersion: 10.0.16299.15 1b70.1ad4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 1b70.1ad4: FileDescription: Windows NT BASE API Client DLL 1b70.1ad4: \SystemRoot\System32\apisetschema.dll: 1b70.1ad4: CreationTime: 2017-09-29T13:42:07.095026600Z 1b70.1ad4: LastWriteTime: 2017-09-29T13:42:07.095026600Z 1b70.1ad4: ChangeTime: 2017-12-15T12:18:23.281148200Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0x1b398 1b70.1ad4: NT Headers: 0xc8 1b70.1ad4: Timestamp: 0xf30abf31 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0xf30abf31 1b70.1ad4: Image Version: 10.0 1b70.1ad4: SizeOfImage: 0x1c000 (114688) 1b70.1ad4: Resource Dir: 0x1b000 LB 0x408 1b70.1ad4: ProductName: Microsoft® Windows® Operating System 1b70.1ad4: ProductVersion: 10.0.16299.15 1b70.1ad4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 1b70.1ad4: FileDescription: ApiSet Schema DLL 1b70.1ad4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1b70.1ad4: supR3HardenedWinFindAdversaries: 0x4 1b70.1ad4: \SystemRoot\System32\drivers\aswHwid.sys: 1b70.1ad4: CreationTime: 2017-12-08T05:32:36.270047300Z 1b70.1ad4: LastWriteTime: 2017-12-23T03:42:57.586447300Z 1b70.1ad4: ChangeTime: 2017-12-23T03:43:17.933620400Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0xb780 1b70.1ad4: NT Headers: 0xe8 1b70.1ad4: Timestamp: 0x5a3021aa 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0x5a3021aa 1b70.1ad4: Image Version: 6.0 1b70.1ad4: SizeOfImage: 0xa000 (40960) 1b70.1ad4: Resource Dir: 0x8000 LB 0x388 1b70.1ad4: ProductName: Avast Antivirus 1b70.1ad4: ProductVersion: 17.9.3754.0 1b70.1ad4: FileVersion: 17.9.3754.0 1b70.1ad4: FileDescription: Avast HWID 1b70.1ad4: \SystemRoot\System32\drivers\aswMonFlt.sys: 1b70.1ad4: CreationTime: 2017-12-08T05:32:36.294165700Z 1b70.1ad4: LastWriteTime: 2017-12-23T03:42:57.639240800Z 1b70.1ad4: ChangeTime: 2017-12-23T03:43:17.933620400Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0x23ce8 1b70.1ad4: NT Headers: 0xf0 1b70.1ad4: Timestamp: 0x5a30243f 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0x5a30243f 1b70.1ad4: Image Version: 6.0 1b70.1ad4: SizeOfImage: 0x27000 (159744) 1b70.1ad4: Resource Dir: 0x25000 LB 0x3b0 1b70.1ad4: ProductName: Avast Antivirus 1b70.1ad4: ProductVersion: 17.9.3754.0 1b70.1ad4: FileVersion: 17.9.3754.0 1b70.1ad4: FileDescription: Avast File System Minifilter for Windows 2003/Vista 1b70.1ad4: \SystemRoot\System32\drivers\aswRdr2.sys: 1b70.1ad4: CreationTime: 2017-12-08T05:32:36.312766900Z 1b70.1ad4: LastWriteTime: 2017-12-23T03:42:56.985959700Z 1b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934120300Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0x1af00 1b70.1ad4: NT Headers: 0xf0 1b70.1ad4: Timestamp: 0x5a3021c2 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0x5a3021c2 1b70.1ad4: Image Version: 6.1 1b70.1ad4: SizeOfImage: 0x1a000 (106496) 1b70.1ad4: Resource Dir: 0x18000 LB 0x398 1b70.1ad4: ProductName: Avast Antivirus 1b70.1ad4: ProductVersion: 17.9.3754.0 1b70.1ad4: FileVersion: 17.9.3754.0 built by: WinDDK 1b70.1ad4: FileDescription: Avast WFP Redirect Driver 1b70.1ad4: \SystemRoot\System32\drivers\aswRvrt.sys: 1b70.1ad4: CreationTime: 2017-12-08T05:32:36.317839300Z 1b70.1ad4: LastWriteTime: 2017-12-23T03:42:57.709545000Z 1b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934120300Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0x149a0 1b70.1ad4: NT Headers: 0xf0 1b70.1ad4: Timestamp: 0x5a3021ae 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0x5a3021ae 1b70.1ad4: Image Version: 6.0 1b70.1ad4: SizeOfImage: 0x13000 (77824) 1b70.1ad4: Resource Dir: 0x11000 LB 0x388 1b70.1ad4: ProductName: Avast Antivirus 1b70.1ad4: ProductVersion: 17.9.3754.0 1b70.1ad4: FileVersion: 17.9.3754.0 1b70.1ad4: FileDescription: Avast Revert 1b70.1ad4: \SystemRoot\System32\drivers\aswSnx.sys: 1b70.1ad4: CreationTime: 2017-12-08T05:32:36.322844100Z 1b70.1ad4: LastWriteTime: 2017-12-23T03:42:33.853316300Z 1b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934120300Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0xfa498 1b70.1ad4: NT Headers: 0xe8 1b70.1ad4: Timestamp: 0x5a3021c6 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0x5a3021c6 1b70.1ad4: Image Version: 6.0 1b70.1ad4: SizeOfImage: 0xf8000 (1015808) 1b70.1ad4: Resource Dir: 0xf0000 LB 0x378 1b70.1ad4: ProductName: Avast Antivirus 1b70.1ad4: ProductVersion: 17.9.3754.0 1b70.1ad4: FileVersion: 17.9.3754.0 1b70.1ad4: FileDescription: Avast Virtualization Driver 1b70.1ad4: \SystemRoot\System32\drivers\aswsp.sys: 1b70.1ad4: CreationTime: 2017-12-08T05:32:36.343755500Z 1b70.1ad4: LastWriteTime: 2017-12-23T03:42:57.777401300Z 1b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934120300Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0x6fab8 1b70.1ad4: NT Headers: 0xe0 1b70.1ad4: Timestamp: 0x5a302454 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0x5a302454 1b70.1ad4: Image Version: 6.0 1b70.1ad4: SizeOfImage: 0x71000 (462848) 1b70.1ad4: Resource Dir: 0x6f000 LB 0x370 1b70.1ad4: ProductName: Avast Antivirus 1b70.1ad4: ProductVersion: 17.9.3754.0 1b70.1ad4: FileVersion: 17.9.3754.0 1b70.1ad4: FileDescription: Avast self protection module 1b70.1ad4: \SystemRoot\System32\drivers\aswStm.sys: 1b70.1ad4: CreationTime: 2017-12-08T05:32:36.348709000Z 1b70.1ad4: LastWriteTime: 2017-12-23T03:42:58.232601100Z 1b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934120300Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0x31ea8 1b70.1ad4: NT Headers: 0x110 1b70.1ad4: Timestamp: 0x5a302650 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0x5a302650 1b70.1ad4: Image Version: 10.0 1b70.1ad4: SizeOfImage: 0x32000 (204800) 1b70.1ad4: Resource Dir: 0x30000 LB 0x350 1b70.1ad4: ProductName: Avast Antivirus 1b70.1ad4: ProductVersion: 17.9.3754.0 1b70.1ad4: FileVersion: 17.9.3754.0 1b70.1ad4: FileDescription: Stream Filter 1b70.1ad4: \SystemRoot\System32\drivers\aswVmm.sys: 1b70.1ad4: CreationTime: 2017-12-08T05:32:36.353213500Z 1b70.1ad4: LastWriteTime: 2017-12-23T03:42:57.853282500Z 1b70.1ad4: ChangeTime: 2017-12-23T03:43:17.934620700Z 1b70.1ad4: FileAttributes: 0x20 1b70.1ad4: Size: 0x57910 1b70.1ad4: NT Headers: 0xf0 1b70.1ad4: Timestamp: 0x5a302442 1b70.1ad4: Machine: 0x8664 - amd64 1b70.1ad4: Timestamp: 0x5a302442 1b70.1ad4: Image Version: 6.0 1b70.1ad4: SizeOfImage: 0x55000 (348160) 1b70.1ad4: Resource Dir: 0x52000 LB 0x390 1b70.1ad4: ProductName: Avast Antivirus 1b70.1ad4: ProductVersion: 17.9.3754.0 1b70.1ad4: FileVersion: 17.9.3754.0 1b70.1ad4: FileDescription: Avast VM Monitor 1b70.1ad4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 1b70.1ad4: Calling main() 1b70.1ad4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1b70.1ad4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 1b70.1ad4: SUPR3HardenedMain: Respawn #1 1b70.1ad4: System32: \Device\HarddiskVolume5\Windows\System32 1b70.1ad4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 1b70.1ad4: KnownDllPath: C:\WINDOWS\System32 1b70.1ad4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1b70.1ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1b70.1ad4: supR3HardNtEnableThreadCreation: 1b70.1ad4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9e70391b0 pvNtTerminateThread=00007ff9e7060890 1b70.1ad4: supR3HardenedWinDoReSpawn(1): New child 23f4.1098 [kernel32]. 1b70.1ad4: supR3HardNtChildGatherData: PebBaseAddress=0000000000544000 cbPeb=0x388 1b70.1ad4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9e6fc0000 uNtDllChildAddr=00007ff9e6fc0000 1b70.1ad4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9e70391b0 1b70.1ad4: supR3HardenedWinSetupChildInit: Start child. 1b70.1ad4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 1b70.1ad4: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 31 sleeps 1b70.1ad4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1b70.1ad4: *0000000000000000-ffffffffffcaffff 0x0001/0x0000 0x0000000 1b70.1ad4: *0000000000350000-000000000032ffff 0x0004/0x0004 0x0020000 1b70.1ad4: *0000000000370000-0000000000356fff 0x0002/0x0002 0x0040000 1b70.1ad4: 0000000000389000-0000000000381fff 0x0001/0x0000 0x0000000 1b70.1ad4: *0000000000390000-000000000038bfff 0x0002/0x0002 0x0040000 1b70.1ad4: 0000000000394000-0000000000387fff 0x0001/0x0000 0x0000000 1b70.1ad4: *00000000003a0000-000000000039efff 0x0004/0x0004 0x0020000 1b70.1ad4: 00000000003a1000-0000000000341fff 0x0001/0x0000 0x0000000 1b70.1ad4: *0000000000400000-00000000002bbfff 0x0000/0x0004 0x0020000 1b70.1ad4: 0000000000544000-0000000000540fff 0x0004/0x0004 0x0020000 1b70.1ad4: 0000000000547000-000000000048dfff 0x0000/0x0004 0x0020000 1b70.1ad4: *0000000000600000-0000000000504fff 0x0000/0x0004 0x0020000 1b70.1ad4: 00000000006fb000-00000000006f7fff 0x0104/0x0004 0x0020000 1b70.1ad4: 00000000006fe000-00000000006fbfff 0x0004/0x0004 0x0020000 1b70.1ad4: 0000000000700000-ffffffff80e1ffff 0x0001/0x0000 0x0000000 1b70.1ad4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1b70.1ad4: *000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1b70.1ad4: 000000007fff0000-ffff800a0ab5ffff 0x0001/0x0000 0x0000000 1b70.1ad4: *00007ff6f5480000-00007ff6f545cfff 0x0002/0x0002 0x0040000 1b70.1ad4: 00007ff6f54a3000-00007ff6f5045fff 0x0001/0x0000 0x0000000 1b70.1ad4: *00007ff6f5900000-00007ff6f5900fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1b70.1ad4: 00007ff6f5901000-00007ff6f596ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1b70.1ad4: 00007ff6f5970000-00007ff6f5970fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1b70.1ad4: 00007ff6f5971000-00007ff6f59b5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1b70.1ad4: 00007ff6f59b6000-00007ff6f59b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1b70.1ad4: 00007ff6f59b7000-00007ff6f59b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1b70.1ad4: 00007ff6f59b8000-00007ff6f59bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1b70.1ad4: 00007ff6f59bd000-00007ff6f59bdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1b70.1ad4: 00007ff6f59be000-00007ff6f59befff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1b70.1ad4: 00007ff6f59bf000-00007ff6f59c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1b70.1ad4: 00007ff6f59c3000-00007ff6f5a0afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1b70.1ad4: 00007ff6f5a0b000-00007ff404455fff 0x0001/0x0000 0x0000000 1b70.1ad4: *00007ff9e6fc0000-00007ff9e6fc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 1b70.1ad4: 00007ff9e6fc1000-00007ff9e70d2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 1b70.1ad4: 00007ff9e70d3000-00007ff9e7118fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 1b70.1ad4: 00007ff9e7119000-00007ff9e7120fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 1b70.1ad4: 00007ff9e7121000-00007ff9e712efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 1b70.1ad4: 00007ff9e712f000-00007ff9e712ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 1b70.1ad4: 00007ff9e7130000-00007ff9e7132fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 1b70.1ad4: 00007ff9e7133000-00007ff9e719ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 1b70.1ad4: 00007ff9e71a0000-00007ff3ce35ffff 0x0001/0x0000 0x0000000 1b70.1ad4: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 1b70.1ad4: VirtualBox.exe: timestamp 0x58c01b6a (rc=VINF_SUCCESS) 1b70.1ad4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1b70.1ad4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 1b70.1ad4: supR3HardNtChildPurify: Done after 566 ms and 0 fixes (loop #0). 23f4.1098: Log file opened: 5.1.16r113841 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00 23f4.1098: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9e6fc0000 g_uNtVerCombined=0xa03fab00 1b70.1ad4: supR3HardNtEnableThreadCreation: 23f4.1098: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS) 23f4.1098: New simple heap: #1 0000000000800000 LB 0x400000 (for 1966080 allocation) 23f4.1098: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 23f4.1098: System32: \Device\HarddiskVolume5\Windows\System32 23f4.1098: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 23f4.1098: KnownDllPath: C:\WINDOWS\System32 23f4.1098: supR3HardenedVmProcessInit: Opening vboxdrv stub... 23f4.1098: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 23f4.1098: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 23f4.1098: Registered Dll notification callback with NTDLL. 23f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 23f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll 23f4.1098: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 23f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e37a0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 23f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 23f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 23f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e69e0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 23f4.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 23f4.1098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e69e0000 'C:\WINDOWS\System32\KERNEL32.DLL' 23f4.1098: supR3HardenedDllNotificationCallback: load 00007ff6f5900000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 23f4.1098: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 23f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 23f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9e70391b0 pvNtTerminateThread=00007ff9e7060890 1b70.1ad4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 158 ms. 23f4.1098: \SystemRoot\System32\ntdll.dll: 23f4.1098: CreationTime: 2017-12-08T05:17:44.303593300Z 23f4.1098: LastWriteTime: 2017-12-08T05:17:44.469672500Z 23f4.1098: ChangeTime: 2017-12-13T10:17:11.337894700Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0x1dd100 23f4.1098: NT Headers: 0xe0 23f4.1098: Timestamp: 0x493793ea 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0x493793ea 23f4.1098: Image Version: 10.0 23f4.1098: SizeOfImage: 0x1e0000 (1966080) 23f4.1098: Resource Dir: 0x174000 LB 0x6a1d8 23f4.1098: ProductName: Microsoft® Windows® Operating System 23f4.1098: ProductVersion: 10.0.16299.64 23f4.1098: FileVersion: 10.0.16299.64 (WinBuild.160101.0800) 23f4.1098: FileDescription: NT Layer DLL 23f4.1098: \SystemRoot\System32\kernel32.dll: 23f4.1098: CreationTime: 2017-09-29T13:42:04.954227600Z 23f4.1098: LastWriteTime: 2017-09-29T13:42:04.954227600Z 23f4.1098: ChangeTime: 2017-12-08T20:50:27.463795300Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0xab868 23f4.1098: NT Headers: 0xe8 23f4.1098: Timestamp: 0xc2cf900 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0xc2cf900 23f4.1098: Image Version: 10.0 23f4.1098: SizeOfImage: 0xae000 (712704) 23f4.1098: Resource Dir: 0xac000 LB 0x520 23f4.1098: ProductName: Microsoft® Windows® Operating System 23f4.1098: ProductVersion: 10.0.16299.15 23f4.1098: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 23f4.1098: FileDescription: Windows NT BASE API Client DLL 23f4.1098: \SystemRoot\System32\KernelBase.dll: 23f4.1098: CreationTime: 2017-09-29T13:41:43.124345500Z 23f4.1098: LastWriteTime: 2017-09-29T13:41:43.124345500Z 23f4.1098: ChangeTime: 2017-12-08T20:50:27.526272500Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0x266000 23f4.1098: NT Headers: 0xf0 23f4.1098: Timestamp: 0x4736733c 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0x4736733c 23f4.1098: Image Version: 10.0 23f4.1098: SizeOfImage: 0x266000 (2514944) 23f4.1098: Resource Dir: 0x245000 LB 0x548 23f4.1098: ProductName: Microsoft® Windows® Operating System 23f4.1098: ProductVersion: 10.0.16299.15 23f4.1098: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 23f4.1098: FileDescription: Windows NT BASE API Client DLL 23f4.1098: \SystemRoot\System32\apisetschema.dll: 23f4.1098: CreationTime: 2017-09-29T13:42:07.095026600Z 23f4.1098: LastWriteTime: 2017-09-29T13:42:07.095026600Z 23f4.1098: ChangeTime: 2017-12-15T12:18:23.281148200Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0x1b398 23f4.1098: NT Headers: 0xc8 23f4.1098: Timestamp: 0xf30abf31 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0xf30abf31 23f4.1098: Image Version: 10.0 23f4.1098: SizeOfImage: 0x1c000 (114688) 23f4.1098: Resource Dir: 0x1b000 LB 0x408 23f4.1098: ProductName: Microsoft® Windows® Operating System 23f4.1098: ProductVersion: 10.0.16299.15 23f4.1098: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 23f4.1098: FileDescription: ApiSet Schema DLL 23f4.1098: NtOpenDirectoryObject failed on \Driver: 0xc0000022 23f4.1098: supR3HardenedWinFindAdversaries: 0x4 23f4.1098: \SystemRoot\System32\drivers\aswHwid.sys: 23f4.1098: CreationTime: 2017-12-08T05:32:36.270047300Z 23f4.1098: LastWriteTime: 2017-12-23T03:42:57.586447300Z 23f4.1098: ChangeTime: 2017-12-23T03:43:17.933620400Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0xb780 23f4.1098: NT Headers: 0xe8 23f4.1098: Timestamp: 0x5a3021aa 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0x5a3021aa 23f4.1098: Image Version: 6.0 23f4.1098: SizeOfImage: 0xa000 (40960) 23f4.1098: Resource Dir: 0x8000 LB 0x388 23f4.1098: ProductName: Avast Antivirus 23f4.1098: ProductVersion: 17.9.3754.0 23f4.1098: FileVersion: 17.9.3754.0 23f4.1098: FileDescription: Avast HWID 23f4.1098: \SystemRoot\System32\drivers\aswMonFlt.sys: 23f4.1098: CreationTime: 2017-12-08T05:32:36.294165700Z 23f4.1098: LastWriteTime: 2017-12-23T03:42:57.639240800Z 23f4.1098: ChangeTime: 2017-12-23T03:43:17.933620400Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0x23ce8 23f4.1098: NT Headers: 0xf0 23f4.1098: Timestamp: 0x5a30243f 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0x5a30243f 23f4.1098: Image Version: 6.0 23f4.1098: SizeOfImage: 0x27000 (159744) 23f4.1098: Resource Dir: 0x25000 LB 0x3b0 23f4.1098: ProductName: Avast Antivirus 23f4.1098: ProductVersion: 17.9.3754.0 23f4.1098: FileVersion: 17.9.3754.0 23f4.1098: FileDescription: Avast File System Minifilter for Windows 2003/Vista 23f4.1098: \SystemRoot\System32\drivers\aswRdr2.sys: 23f4.1098: CreationTime: 2017-12-08T05:32:36.312766900Z 23f4.1098: LastWriteTime: 2017-12-23T03:42:56.985959700Z 23f4.1098: ChangeTime: 2017-12-23T03:43:17.934120300Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0x1af00 23f4.1098: NT Headers: 0xf0 23f4.1098: Timestamp: 0x5a3021c2 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0x5a3021c2 23f4.1098: Image Version: 6.1 23f4.1098: SizeOfImage: 0x1a000 (106496) 23f4.1098: Resource Dir: 0x18000 LB 0x398 23f4.1098: ProductName: Avast Antivirus 23f4.1098: ProductVersion: 17.9.3754.0 23f4.1098: FileVersion: 17.9.3754.0 built by: WinDDK 23f4.1098: FileDescription: Avast WFP Redirect Driver 23f4.1098: \SystemRoot\System32\drivers\aswRvrt.sys: 23f4.1098: CreationTime: 2017-12-08T05:32:36.317839300Z 23f4.1098: LastWriteTime: 2017-12-23T03:42:57.709545000Z 23f4.1098: ChangeTime: 2017-12-23T03:43:17.934120300Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0x149a0 23f4.1098: NT Headers: 0xf0 23f4.1098: Timestamp: 0x5a3021ae 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0x5a3021ae 23f4.1098: Image Version: 6.0 23f4.1098: SizeOfImage: 0x13000 (77824) 23f4.1098: Resource Dir: 0x11000 LB 0x388 23f4.1098: ProductName: Avast Antivirus 23f4.1098: ProductVersion: 17.9.3754.0 23f4.1098: FileVersion: 17.9.3754.0 23f4.1098: FileDescription: Avast Revert 23f4.1098: \SystemRoot\System32\drivers\aswSnx.sys: 23f4.1098: CreationTime: 2017-12-08T05:32:36.322844100Z 23f4.1098: LastWriteTime: 2017-12-23T03:42:33.853316300Z 23f4.1098: ChangeTime: 2017-12-23T03:43:17.934120300Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0xfa498 23f4.1098: NT Headers: 0xe8 23f4.1098: Timestamp: 0x5a3021c6 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0x5a3021c6 23f4.1098: Image Version: 6.0 23f4.1098: SizeOfImage: 0xf8000 (1015808) 23f4.1098: Resource Dir: 0xf0000 LB 0x378 23f4.1098: ProductName: Avast Antivirus 23f4.1098: ProductVersion: 17.9.3754.0 23f4.1098: FileVersion: 17.9.3754.0 23f4.1098: FileDescription: Avast Virtualization Driver 23f4.1098: \SystemRoot\System32\drivers\aswsp.sys: 23f4.1098: CreationTime: 2017-12-08T05:32:36.343755500Z 23f4.1098: LastWriteTime: 2017-12-23T03:42:57.777401300Z 23f4.1098: ChangeTime: 2017-12-23T03:43:17.934120300Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0x6fab8 23f4.1098: NT Headers: 0xe0 23f4.1098: Timestamp: 0x5a302454 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0x5a302454 23f4.1098: Image Version: 6.0 23f4.1098: SizeOfImage: 0x71000 (462848) 23f4.1098: Resource Dir: 0x6f000 LB 0x370 23f4.1098: ProductName: Avast Antivirus 23f4.1098: ProductVersion: 17.9.3754.0 23f4.1098: FileVersion: 17.9.3754.0 23f4.1098: FileDescription: Avast self protection module 23f4.1098: \SystemRoot\System32\drivers\aswStm.sys: 23f4.1098: CreationTime: 2017-12-08T05:32:36.348709000Z 23f4.1098: LastWriteTime: 2017-12-23T03:42:58.232601100Z 23f4.1098: ChangeTime: 2017-12-23T03:43:17.934120300Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0x31ea8 23f4.1098: NT Headers: 0x110 23f4.1098: Timestamp: 0x5a302650 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0x5a302650 23f4.1098: Image Version: 10.0 23f4.1098: SizeOfImage: 0x32000 (204800) 23f4.1098: Resource Dir: 0x30000 LB 0x350 23f4.1098: ProductName: Avast Antivirus 23f4.1098: ProductVersion: 17.9.3754.0 23f4.1098: FileVersion: 17.9.3754.0 23f4.1098: FileDescription: Stream Filter 23f4.1098: \SystemRoot\System32\drivers\aswVmm.sys: 23f4.1098: CreationTime: 2017-12-08T05:32:36.353213500Z 23f4.1098: LastWriteTime: 2017-12-23T03:42:57.853282500Z 23f4.1098: ChangeTime: 2017-12-23T03:43:17.934620700Z 23f4.1098: FileAttributes: 0x20 23f4.1098: Size: 0x57910 23f4.1098: NT Headers: 0xf0 23f4.1098: Timestamp: 0x5a302442 23f4.1098: Machine: 0x8664 - amd64 23f4.1098: Timestamp: 0x5a302442 23f4.1098: Image Version: 6.0 23f4.1098: SizeOfImage: 0x55000 (348160) 23f4.1098: Resource Dir: 0x52000 LB 0x390 23f4.1098: ProductName: Avast Antivirus 23f4.1098: ProductVersion: 17.9.3754.0 23f4.1098: FileVersion: 17.9.3754.0 23f4.1098: FileDescription: Avast VM Monitor 23f4.1098: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 23f4.1098: Calling main() 23f4.1098: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 23f4.1098: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 23f4.1098: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 23f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 23f4.1098: SUPR3HardenedMain: Respawn #2 23f4.1098: supR3HardNtEnableThreadCreation: 23f4.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 23f4.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 23f4.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 23f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll) 23f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll 23f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 23f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 23f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll) 23f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 23f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 23f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 23f4.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 23f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll) 23f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll 23f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 23f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 23f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll) 23f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 23f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 23f4.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 23f4.1098: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 23f4.1098: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000: [calling] 23f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e6a90000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 23f4.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 23f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e6420000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 23f4.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 23f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e6550000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 23f4.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust] 23f4.1098: supR3HardenedDllNotificationCallback: load 00007ff9e45a0000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0] 23f4.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 23f4.1098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e45a0000 'C:\WINDOWS\System32\ADVAPI32.DLL' 23f4.1098: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 23f4.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll) 23f4.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll 23f4.1098: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 23f4.1098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e6fc0000 'C:\WINDOWS\System32\ntdll.dll' 23f4.1098: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9e70391b0 pvNtTerminateThread=00007ff9e7060890 23f4.1098: supR3HardenedWinDoReSpawn(2): New child 1384.1834 [kernel32]. 23f4.1098: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 23f4.1098: supR3HardNtChildGatherData: PebBaseAddress=0000000000729000 cbPeb=0x388 23f4.1098: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9e6fc0000 uNtDllChildAddr=00007ff9e6fc0000 23f4.1098: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9e70391b0 23f4.1098: supR3HardenedWinSetupChildInit: Start child. 23f4.1098: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 23f4.1098: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 51 sleeps 23f4.1098: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 23f4.1098: *0000000000000000-ffffffffffacffff 0x0001/0x0000 0x0000000 23f4.1098: *0000000000530000-000000000050ffff 0x0004/0x0004 0x0020000 23f4.1098: *0000000000550000-0000000000536fff 0x0002/0x0002 0x0040000 23f4.1098: 0000000000569000-0000000000561fff 0x0001/0x0000 0x0000000 23f4.1098: *0000000000570000-000000000056bfff 0x0002/0x0002 0x0040000 23f4.1098: 0000000000574000-0000000000567fff 0x0001/0x0000 0x0000000 23f4.1098: *0000000000580000-000000000057efff 0x0004/0x0004 0x0020000 23f4.1098: 0000000000581000-0000000000501fff 0x0001/0x0000 0x0000000 23f4.1098: *0000000000600000-00000000004d6fff 0x0000/0x0004 0x0020000 23f4.1098: 0000000000729000-0000000000725fff 0x0004/0x0004 0x0020000 23f4.1098: 000000000072c000-0000000000657fff 0x0000/0x0004 0x0020000 23f4.1098: *0000000000800000-0000000000704fff 0x0000/0x0004 0x0020000 23f4.1098: 00000000008fb000-00000000008f7fff 0x0104/0x0004 0x0020000 23f4.1098: 00000000008fe000-00000000008fbfff 0x0004/0x0004 0x0020000 23f4.1098: 0000000000900000-ffffffff8121ffff 0x0001/0x0000 0x0000000 23f4.1098: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 23f4.1098: *000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 23f4.1098: 000000007fff0000-ffff800a0b29ffff 0x0001/0x0000 0x0000000 23f4.1098: *00007ff6f4d40000-00007ff6f4d1cfff 0x0002/0x0002 0x0040000 23f4.1098: 00007ff6f4d63000-00007ff6f41c5fff 0x0001/0x0000 0x0000000 23f4.1098: *00007ff6f5900000-00007ff6f5900fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: 00007ff6f5901000-00007ff6f596ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: 00007ff6f5970000-00007ff6f5970fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: 00007ff6f5971000-00007ff6f59b5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: 00007ff6f59b6000-00007ff6f59b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: 00007ff6f59b7000-00007ff6f59b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: 00007ff6f59b8000-00007ff6f59bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: 00007ff6f59bd000-00007ff6f59bdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: 00007ff6f59be000-00007ff6f59befff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: 00007ff6f59bf000-00007ff6f59c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: 00007ff6f59c3000-00007ff6f5a0afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 23f4.1098: 00007ff6f5a0b000-00007ff404455fff 0x0001/0x0000 0x0000000 23f4.1098: *00007ff9e6fc0000-00007ff9e6fc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 23f4.1098: 00007ff9e6fc1000-00007ff9e70d2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 23f4.1098: 00007ff9e70d3000-00007ff9e7118fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 23f4.1098: 00007ff9e7119000-00007ff9e7120fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 23f4.1098: 00007ff9e7121000-00007ff9e712efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 23f4.1098: 00007ff9e712f000-00007ff9e712ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 23f4.1098: 00007ff9e7130000-00007ff9e7132fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 23f4.1098: 00007ff9e7133000-00007ff9e719ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 23f4.1098: 00007ff9e71a0000-00007ff3ce35ffff 0x0001/0x0000 0x0000000 23f4.1098: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 23f4.1098: VirtualBox.exe: timestamp 0x58c01b6a (rc=VINF_SUCCESS) 23f4.1098: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 23f4.1098: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 23f4.1098: supR3HardNtChildPurify: Done after 562 ms and 0 fixes (loop #0). 23f4.1098: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000) 1384.1834: Log file opened: 5.1.16r113841 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00 1384.1834: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9e6fc0000 g_uNtVerCombined=0xa03fab00 23f4.1098: supR3HardNtEnableThreadCreation: 1384.1834: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS) 1384.1834: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1966080 allocation) 1384.1834: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 1384.1834: System32: \Device\HarddiskVolume5\Windows\System32 1384.1834: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 1384.1834: KnownDllPath: C:\WINDOWS\System32 1384.1834: supR3HardenedVmProcessInit: Opening vboxdrv... 1384.1834: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1384.1834: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1384.1834: Registered Dll notification callback with NTDLL. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e37a0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e69e0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e69e0000 'C:\WINDOWS\System32\KERNEL32.DLL' 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff6f5900000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 1384.1834: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 1384.1834: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9e70391b0 pvNtTerminateThread=00007ff9e7060890 23f4.1098: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 138 ms. 1384.1834: \SystemRoot\System32\ntdll.dll: 1384.1834: CreationTime: 2017-12-08T05:17:44.303593300Z 1384.1834: LastWriteTime: 2017-12-08T05:17:44.469672500Z 1384.1834: ChangeTime: 2017-12-13T10:17:11.337894700Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0x1dd100 1384.1834: NT Headers: 0xe0 1384.1834: Timestamp: 0x493793ea 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0x493793ea 1384.1834: Image Version: 10.0 1384.1834: SizeOfImage: 0x1e0000 (1966080) 1384.1834: Resource Dir: 0x174000 LB 0x6a1d8 1384.1834: ProductName: Microsoft® Windows® Operating System 1384.1834: ProductVersion: 10.0.16299.64 1384.1834: FileVersion: 10.0.16299.64 (WinBuild.160101.0800) 1384.1834: FileDescription: NT Layer DLL 1384.1834: \SystemRoot\System32\kernel32.dll: 1384.1834: CreationTime: 2017-09-29T13:42:04.954227600Z 1384.1834: LastWriteTime: 2017-09-29T13:42:04.954227600Z 1384.1834: ChangeTime: 2017-12-08T20:50:27.463795300Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0xab868 1384.1834: NT Headers: 0xe8 1384.1834: Timestamp: 0xc2cf900 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0xc2cf900 1384.1834: Image Version: 10.0 1384.1834: SizeOfImage: 0xae000 (712704) 1384.1834: Resource Dir: 0xac000 LB 0x520 1384.1834: ProductName: Microsoft® Windows® Operating System 1384.1834: ProductVersion: 10.0.16299.15 1384.1834: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 1384.1834: FileDescription: Windows NT BASE API Client DLL 1384.1834: \SystemRoot\System32\KernelBase.dll: 1384.1834: CreationTime: 2017-09-29T13:41:43.124345500Z 1384.1834: LastWriteTime: 2017-09-29T13:41:43.124345500Z 1384.1834: ChangeTime: 2017-12-08T20:50:27.526272500Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0x266000 1384.1834: NT Headers: 0xf0 1384.1834: Timestamp: 0x4736733c 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0x4736733c 1384.1834: Image Version: 10.0 1384.1834: SizeOfImage: 0x266000 (2514944) 1384.1834: Resource Dir: 0x245000 LB 0x548 1384.1834: ProductName: Microsoft® Windows® Operating System 1384.1834: ProductVersion: 10.0.16299.15 1384.1834: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 1384.1834: FileDescription: Windows NT BASE API Client DLL 1384.1834: \SystemRoot\System32\apisetschema.dll: 1384.1834: CreationTime: 2017-09-29T13:42:07.095026600Z 1384.1834: LastWriteTime: 2017-09-29T13:42:07.095026600Z 1384.1834: ChangeTime: 2017-12-15T12:18:23.281148200Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0x1b398 1384.1834: NT Headers: 0xc8 1384.1834: Timestamp: 0xf30abf31 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0xf30abf31 1384.1834: Image Version: 10.0 1384.1834: SizeOfImage: 0x1c000 (114688) 1384.1834: Resource Dir: 0x1b000 LB 0x408 1384.1834: ProductName: Microsoft® Windows® Operating System 1384.1834: ProductVersion: 10.0.16299.15 1384.1834: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 1384.1834: FileDescription: ApiSet Schema DLL 1384.1834: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1384.1834: supR3HardenedWinFindAdversaries: 0x4 1384.1834: \SystemRoot\System32\drivers\aswHwid.sys: 1384.1834: CreationTime: 2017-12-08T05:32:36.270047300Z 1384.1834: LastWriteTime: 2017-12-23T03:42:57.586447300Z 1384.1834: ChangeTime: 2017-12-23T03:43:17.933620400Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0xb780 1384.1834: NT Headers: 0xe8 1384.1834: Timestamp: 0x5a3021aa 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0x5a3021aa 1384.1834: Image Version: 6.0 1384.1834: SizeOfImage: 0xa000 (40960) 1384.1834: Resource Dir: 0x8000 LB 0x388 1384.1834: ProductName: Avast Antivirus 1384.1834: ProductVersion: 17.9.3754.0 1384.1834: FileVersion: 17.9.3754.0 1384.1834: FileDescription: Avast HWID 1384.1834: \SystemRoot\System32\drivers\aswMonFlt.sys: 1384.1834: CreationTime: 2017-12-08T05:32:36.294165700Z 1384.1834: LastWriteTime: 2017-12-23T03:42:57.639240800Z 1384.1834: ChangeTime: 2017-12-23T03:43:17.933620400Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0x23ce8 1384.1834: NT Headers: 0xf0 1384.1834: Timestamp: 0x5a30243f 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0x5a30243f 1384.1834: Image Version: 6.0 1384.1834: SizeOfImage: 0x27000 (159744) 1384.1834: Resource Dir: 0x25000 LB 0x3b0 1384.1834: ProductName: Avast Antivirus 1384.1834: ProductVersion: 17.9.3754.0 1384.1834: FileVersion: 17.9.3754.0 1384.1834: FileDescription: Avast File System Minifilter for Windows 2003/Vista 1384.1834: \SystemRoot\System32\drivers\aswRdr2.sys: 1384.1834: CreationTime: 2017-12-08T05:32:36.312766900Z 1384.1834: LastWriteTime: 2017-12-23T03:42:56.985959700Z 1384.1834: ChangeTime: 2017-12-23T03:43:17.934120300Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0x1af00 1384.1834: NT Headers: 0xf0 1384.1834: Timestamp: 0x5a3021c2 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0x5a3021c2 1384.1834: Image Version: 6.1 1384.1834: SizeOfImage: 0x1a000 (106496) 1384.1834: Resource Dir: 0x18000 LB 0x398 1384.1834: ProductName: Avast Antivirus 1384.1834: ProductVersion: 17.9.3754.0 1384.1834: FileVersion: 17.9.3754.0 built by: WinDDK 1384.1834: FileDescription: Avast WFP Redirect Driver 1384.1834: \SystemRoot\System32\drivers\aswRvrt.sys: 1384.1834: CreationTime: 2017-12-08T05:32:36.317839300Z 1384.1834: LastWriteTime: 2017-12-23T03:42:57.709545000Z 1384.1834: ChangeTime: 2017-12-23T03:43:17.934120300Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0x149a0 1384.1834: NT Headers: 0xf0 1384.1834: Timestamp: 0x5a3021ae 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0x5a3021ae 1384.1834: Image Version: 6.0 1384.1834: SizeOfImage: 0x13000 (77824) 1384.1834: Resource Dir: 0x11000 LB 0x388 1384.1834: ProductName: Avast Antivirus 1384.1834: ProductVersion: 17.9.3754.0 1384.1834: FileVersion: 17.9.3754.0 1384.1834: FileDescription: Avast Revert 1384.1834: \SystemRoot\System32\drivers\aswSnx.sys: 1384.1834: CreationTime: 2017-12-08T05:32:36.322844100Z 1384.1834: LastWriteTime: 2017-12-23T03:42:33.853316300Z 1384.1834: ChangeTime: 2017-12-23T03:43:17.934120300Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0xfa498 1384.1834: NT Headers: 0xe8 1384.1834: Timestamp: 0x5a3021c6 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0x5a3021c6 1384.1834: Image Version: 6.0 1384.1834: SizeOfImage: 0xf8000 (1015808) 1384.1834: Resource Dir: 0xf0000 LB 0x378 1384.1834: ProductName: Avast Antivirus 1384.1834: ProductVersion: 17.9.3754.0 1384.1834: FileVersion: 17.9.3754.0 1384.1834: FileDescription: Avast Virtualization Driver 1384.1834: \SystemRoot\System32\drivers\aswsp.sys: 1384.1834: CreationTime: 2017-12-08T05:32:36.343755500Z 1384.1834: LastWriteTime: 2017-12-23T03:42:57.777401300Z 1384.1834: ChangeTime: 2017-12-23T03:43:17.934120300Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0x6fab8 1384.1834: NT Headers: 0xe0 1384.1834: Timestamp: 0x5a302454 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0x5a302454 1384.1834: Image Version: 6.0 1384.1834: SizeOfImage: 0x71000 (462848) 1384.1834: Resource Dir: 0x6f000 LB 0x370 1384.1834: ProductName: Avast Antivirus 1384.1834: ProductVersion: 17.9.3754.0 1384.1834: FileVersion: 17.9.3754.0 1384.1834: FileDescription: Avast self protection module 1384.1834: \SystemRoot\System32\drivers\aswStm.sys: 1384.1834: CreationTime: 2017-12-08T05:32:36.348709000Z 1384.1834: LastWriteTime: 2017-12-23T03:42:58.232601100Z 1384.1834: ChangeTime: 2017-12-23T03:43:17.934120300Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0x31ea8 1384.1834: NT Headers: 0x110 1384.1834: Timestamp: 0x5a302650 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0x5a302650 1384.1834: Image Version: 10.0 1384.1834: SizeOfImage: 0x32000 (204800) 1384.1834: Resource Dir: 0x30000 LB 0x350 1384.1834: ProductName: Avast Antivirus 1384.1834: ProductVersion: 17.9.3754.0 1384.1834: FileVersion: 17.9.3754.0 1384.1834: FileDescription: Stream Filter 1384.1834: \SystemRoot\System32\drivers\aswVmm.sys: 1384.1834: CreationTime: 2017-12-08T05:32:36.353213500Z 1384.1834: LastWriteTime: 2017-12-23T03:42:57.853282500Z 1384.1834: ChangeTime: 2017-12-23T03:43:17.934620700Z 1384.1834: FileAttributes: 0x20 1384.1834: Size: 0x57910 1384.1834: NT Headers: 0xf0 1384.1834: Timestamp: 0x5a302442 1384.1834: Machine: 0x8664 - amd64 1384.1834: Timestamp: 0x5a302442 1384.1834: Image Version: 6.0 1384.1834: SizeOfImage: 0x55000 (348160) 1384.1834: Resource Dir: 0x52000 LB 0x390 1384.1834: ProductName: Avast Antivirus 1384.1834: ProductVersion: 17.9.3754.0 1384.1834: FileVersion: 17.9.3754.0 1384.1834: FileDescription: Avast VM Monitor 1384.1834: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 1384.1834: Calling main() 1384.1834: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1384.1834: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 1384.1834: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1384.1834: SUPR3HardenedMain: Final process, opening VBoxDrv... 1384.1834: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000) 1384.1834: supR3HardNtEnableThreadCreation: 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9de490000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9de490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9de490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9de490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wintrust.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wintrust.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\crypt32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\crypt32.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msasn1.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msasn1.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e6a90000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e33a0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0] 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e33e0000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ucrtbase.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ucrtbase.dll 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e3530000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0] 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e6420000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e6550000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e45a0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e4160000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0] 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e37a0000 'api-ms-win-core-synch-l1-2-0' 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e37a0000 'api-ms-win-core-fibers-l1-1-1' 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e37a0000 'api-ms-win-core-fibers-l1-1-1' 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e37a0000 'api-ms-win-core-synch-l1-2-0' 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e37a0000 'api-ms-win-core-localization-l1-2-1' 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\WINDOWS\system32\Wintrust.dll' 1384.1834: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll) 1384.1834: Error (rc=0): 1384.1834: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll: Grown load config (244 to 256 bytes) includes non-zero bytes: 00 00 00 00 60 a9 01 80 01 00 00 00 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 1384.1834: Error (rc=0): 1384.1834: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\bcrypt.dll' (C:\WINDOWS\system32\bcrypt.dll): rcNt=0xc0000190 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\bcrypt.dll' 1384.1834: Warning! Failed to load bcrypt.dll 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL' 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL' 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL' 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL' 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL' 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL' 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4160000 'C:\Windows\System32\WINTRUST.DLL' 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptsp.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptsp.dll 1384.1834: supR3HardenedDllNotificationCallback: load 00007ff9e2d60000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 1384.1834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rsaenh.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rsaenh.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1384.1834: Error (rc=0): 1384.1834: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1384.1834: Error (rc=0): 1384.1834: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x10 fAccess=0xf cHits=2 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\rsaenh.dll' 1384.1834: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 () on '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' 1384.1834: Error -22919 in VirtualBox! (enmWhat=1) 1384.1834: WinVerifyTrust failed on stub executable: WinVerifyTrust failed with hrc=Unknown Status 0x8 on '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmm.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmm.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\opengl32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\opengl32.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\glu32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\glu32.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\mpr.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\mpr.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'shlwapi.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'comctl32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'shell32.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\comdlg32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comdlg32.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\winspool.drv) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winspool.drv 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 1384.1834: '\Device\HarddiskVolume5\Windows\System32\win32u.dll' has no imports 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\win32u.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\win32u.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmmbase.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmmbase.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 1384.1834: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll) 1384.1834: Error (rc=0): 1384.1834: supR3HardenedScreenImage/Imports: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll: Grown load config (244 to 256 bytes) includes non-zero bytes: 00 00 00 00 40 16 06 80 01 00 00 00 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1384.1834: Error (rc=0): 1384.1834: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comctl32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comctl32.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1384.1834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1384.1834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mpr.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [lacks WinVerifyTrust] 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1384.1834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1384.1834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.125_none_88782a244abc4c60\comctl32.dll) 1384.1834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.125_none_88782a244abc4c60\comctl32.dll 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmmbase.dll [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust] 1384.1834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1384.1834: Error (rc=0): 1384.1834: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x10 fAccess=0xf cHits=4 \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 1384.1834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 23f4.1098: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1736 ms, the end); 1b70.1ad4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2577 ms, the end);