b88.3fc8: \SystemRoot\System32\ntdll.dll: b88.3fc8: CreationTime: 2022-09-15T09:57:05.594340100Z b88.3fc8: LastWriteTime: 2022-09-15T09:57:05.628540200Z b88.3fc8: ChangeTime: 2022-11-09T23:47:10.845416100Z b88.3fc8: FileAttributes: 0x20 b88.3fc8: Size: 0x207df8 b88.3fc8: NT Headers: 0xe0 b88.3fc8: Timestamp: 0x57b668f2 b88.3fc8: Machine: 0x8664 - amd64 b88.3fc8: Timestamp: 0x57b668f2 b88.3fc8: Image Version: 10.0 b88.3fc8: SizeOfImage: 0x209000 (2134016) b88.3fc8: Resource Dir: 0x194000 LB 0x73528 b88.3fc8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] b88.3fc8: [Raw version resource data: 0x1940f0 LB 0x380, codepage 0x0 (reserved 0x0)] b88.3fc8: ProductName: Microsoft® Windows® Operating System b88.3fc8: ProductVersion: 10.0.22000.918 b88.3fc8: FileVersion: 10.0.22000.918 (WinBuild.160101.0800) b88.3fc8: FileDescription: NT Layer DLL b88.3fc8: \SystemRoot\System32\kernel32.dll: b88.3fc8: CreationTime: 2022-11-09T23:45:56.720455400Z b88.3fc8: LastWriteTime: 2022-11-09T23:45:56.734459100Z b88.3fc8: ChangeTime: 2022-11-10T13:40:54.323737900Z b88.3fc8: FileAttributes: 0x20 b88.3fc8: Size: 0xc1060 b88.3fc8: NT Headers: 0xe8 b88.3fc8: Timestamp: 0x9416e42c b88.3fc8: Machine: 0x8664 - amd64 b88.3fc8: Timestamp: 0x9416e42c b88.3fc8: Image Version: 10.0 b88.3fc8: SizeOfImage: 0xbe000 (778240) b88.3fc8: Resource Dir: 0xbc000 LB 0x520 b88.3fc8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] b88.3fc8: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] b88.3fc8: ProductName: Microsoft® Windows® Operating System b88.3fc8: ProductVersion: 10.0.22000.1219 b88.3fc8: FileVersion: 10.0.22000.1219 (WinBuild.160101.0800) b88.3fc8: FileDescription: Windows NT BASE API Client DLL b88.3fc8: \SystemRoot\System32\KernelBase.dll: b88.3fc8: CreationTime: 2022-11-09T23:46:00.173868600Z b88.3fc8: LastWriteTime: 2022-11-09T23:46:00.263888800Z b88.3fc8: ChangeTime: 2022-11-10T13:40:54.354991400Z b88.3fc8: FileAttributes: 0x20 b88.3fc8: Size: 0x3822b8 b88.3fc8: NT Headers: 0xf8 b88.3fc8: Timestamp: 0x2a439301 b88.3fc8: Machine: 0x8664 - amd64 b88.3fc8: Timestamp: 0x2a439301 b88.3fc8: Image Version: 10.0 b88.3fc8: SizeOfImage: 0x37b000 (3649536) b88.3fc8: Resource Dir: 0x34b000 LB 0x548 b88.3fc8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] b88.3fc8: [Raw version resource data: 0x34b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] b88.3fc8: ProductName: Microsoft® Windows® Operating System b88.3fc8: ProductVersion: 10.0.22000.1165 b88.3fc8: FileVersion: 10.0.22000.1165 (WinBuild.160101.0800) b88.3fc8: FileDescription: Windows NT BASE API Client DLL b88.3fc8: \SystemRoot\System32\apisetschema.dll: b88.3fc8: CreationTime: 2021-06-05T12:04:59.928787900Z b88.3fc8: LastWriteTime: 2021-06-05T12:04:59.928787900Z b88.3fc8: ChangeTime: 2022-11-09T23:47:09.633374300Z b88.3fc8: FileAttributes: 0x20 b88.3fc8: Size: 0x24150 b88.3fc8: NT Headers: 0xc8 b88.3fc8: Timestamp: 0x68d1dbaf b88.3fc8: Machine: 0x8664 - amd64 b88.3fc8: Timestamp: 0x68d1dbaf b88.3fc8: Image Version: 10.0 b88.3fc8: SizeOfImage: 0x23000 (143360) b88.3fc8: Resource Dir: 0x22000 LB 0x408 b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] b88.3fc8: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)] b88.3fc8: ProductName: Microsoft® Windows® Operating System b88.3fc8: ProductVersion: 10.0.22000.1 b88.3fc8: FileVersion: 10.0.22000.1 (WinBuild.160101.0800) b88.3fc8: FileDescription: ApiSet Schema DLL b88.3fc8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 b88.3fc8: supR3HardenedWinFindAdversaries: 0x4 b88.3fc8: \SystemRoot\System32\drivers\aswMonFlt.sys: b88.3fc8: CreationTime: 2022-03-14T16:18:13.893635300Z b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.555584300Z b88.3fc8: ChangeTime: 2022-11-01T13:01:12.555584300Z b88.3fc8: FileAttributes: 0x20 b88.3fc8: Size: 0x43828 b88.3fc8: NT Headers: 0xe0 b88.3fc8: Timestamp: 0x634589ab b88.3fc8: Machine: 0x8664 - amd64 b88.3fc8: Timestamp: 0x634589ab b88.3fc8: Image Version: 10.0 b88.3fc8: SizeOfImage: 0x44000 (278528) b88.3fc8: Resource Dir: 0x42000 LB 0x3a0 b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] b88.3fc8: [Raw version resource data: 0x42060 LB 0x340, codepage 0x0 (reserved 0x0)] b88.3fc8: ProductName: Avast Antivirus b88.3fc8: ProductVersion: 22.10.441.0 b88.3fc8: FileVersion: 22.10.441.0 b88.3fc8: FileDescription: Avast File System Filter b88.3fc8: \SystemRoot\System32\drivers\aswRdr2.sys: b88.3fc8: CreationTime: 2022-03-14T16:18:13.891634800Z b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.546789900Z b88.3fc8: ChangeTime: 2022-11-01T13:01:12.546789900Z b88.3fc8: FileAttributes: 0x20 b88.3fc8: Size: 0x1bf20 b88.3fc8: NT Headers: 0xe8 b88.3fc8: Timestamp: 0x634589bb b88.3fc8: Machine: 0x8664 - amd64 b88.3fc8: Timestamp: 0x634589bb b88.3fc8: Image Version: 10.0 b88.3fc8: SizeOfImage: 0x1b000 (110592) b88.3fc8: Resource Dir: 0x19000 LB 0x388 b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] b88.3fc8: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)] b88.3fc8: ProductName: Avast Antivirus b88.3fc8: ProductVersion: 22.10.441.0 b88.3fc8: FileVersion: 22.10.441.0 b88.3fc8: FileDescription: Avast Antivirus b88.3fc8: \SystemRoot\System32\drivers\aswRvrt.sys: b88.3fc8: CreationTime: 2022-03-14T16:18:13.894635600Z b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.564474100Z b88.3fc8: ChangeTime: 2022-11-01T13:01:12.564474100Z b88.3fc8: FileAttributes: 0x20 b88.3fc8: Size: 0x15f98 b88.3fc8: NT Headers: 0xf0 b88.3fc8: Timestamp: 0x634589ba b88.3fc8: Machine: 0x8664 - amd64 b88.3fc8: Timestamp: 0x634589ba b88.3fc8: Image Version: 10.0 b88.3fc8: SizeOfImage: 0x13000 (77824) b88.3fc8: Resource Dir: 0x11000 LB 0x380 b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] b88.3fc8: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)] b88.3fc8: ProductName: Avast Antivirus b88.3fc8: ProductVersion: 22.10.441.0 b88.3fc8: FileVersion: 22.10.441.0 b88.3fc8: FileDescription: Avast Revert b88.3fc8: \SystemRoot\System32\drivers\aswSnx.sys: b88.3fc8: CreationTime: 2022-03-14T16:18:13.887634000Z b88.3fc8: LastWriteTime: 2022-11-01T13:01:10.962228800Z b88.3fc8: ChangeTime: 2022-11-01T13:01:10.962228800Z b88.3fc8: FileAttributes: 0x20 b88.3fc8: Size: 0xd2ad8 b88.3fc8: NT Headers: 0xf8 b88.3fc8: Timestamp: 0x634589ce b88.3fc8: Machine: 0x8664 - amd64 b88.3fc8: Timestamp: 0x634589ce b88.3fc8: Image Version: 10.0 b88.3fc8: SizeOfImage: 0xce000 (843776) b88.3fc8: Resource Dir: 0xcb000 LB 0x388 b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] b88.3fc8: [Raw version resource data: 0xcb060 LB 0x324, codepage 0x0 (reserved 0x0)] b88.3fc8: ProductName: Avast Antivirus b88.3fc8: ProductVersion: 22.10.441.0 b88.3fc8: FileVersion: 22.10.441.0 b88.3fc8: FileDescription: Avast Antivirus b88.3fc8: \SystemRoot\System32\drivers\aswsp.sys: b88.3fc8: CreationTime: 2022-03-14T16:18:13.895636200Z b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.572290600Z b88.3fc8: ChangeTime: 2022-11-01T13:01:12.572290600Z b88.3fc8: FileAttributes: 0x20 b88.3fc8: Size: 0xa4210 b88.3fc8: NT Headers: 0xf0 b88.3fc8: Timestamp: 0x634589c0 b88.3fc8: Machine: 0x8664 - amd64 b88.3fc8: Timestamp: 0x634589c0 b88.3fc8: Image Version: 10.0 b88.3fc8: SizeOfImage: 0xa3000 (667648) b88.3fc8: Resource Dir: 0xa1000 LB 0x388 b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] b88.3fc8: [Raw version resource data: 0xa1060 LB 0x328, codepage 0x0 (reserved 0x0)] b88.3fc8: ProductName: Avast Antivirus b88.3fc8: ProductVersion: 22.10.441.0 b88.3fc8: FileVersion: 22.10.441.0 b88.3fc8: FileDescription: Avast Self Protection b88.3fc8: \SystemRoot\System32\drivers\aswStm.sys: b88.3fc8: CreationTime: 2022-11-01T13:01:14.321288500Z b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.717884700Z b88.3fc8: ChangeTime: 2022-11-01T14:55:16.468424700Z b88.3fc8: FileAttributes: 0x20 b88.3fc8: Size: 0x362f8 b88.3fc8: NT Headers: 0xf0 b88.3fc8: Timestamp: 0x634589cc b88.3fc8: Machine: 0x8664 - amd64 b88.3fc8: Timestamp: 0x634589cc b88.3fc8: Image Version: 10.0 b88.3fc8: SizeOfImage: 0x34000 (212992) b88.3fc8: Resource Dir: 0x32000 LB 0x390 b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] b88.3fc8: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)] b88.3fc8: ProductName: Avast Antivirus b88.3fc8: ProductVersion: 22.10.441.0 b88.3fc8: FileVersion: 22.10.441.0 b88.3fc8: FileDescription: Avast Stream Filter b88.3fc8: \SystemRoot\System32\drivers\aswVmm.sys: b88.3fc8: CreationTime: 2022-03-14T16:18:13.899636700Z b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.958512000Z b88.3fc8: ChangeTime: 2022-11-01T13:01:12.958512000Z b88.3fc8: FileAttributes: 0x20 b88.3fc8: Size: 0x500d8 b88.3fc8: NT Headers: 0xf8 b88.3fc8: Timestamp: 0x634589c5 b88.3fc8: Machine: 0x8664 - amd64 b88.3fc8: Timestamp: 0x634589c5 b88.3fc8: Image Version: 10.0 b88.3fc8: SizeOfImage: 0x4c000 (311296) b88.3fc8: Resource Dir: 0x4a000 LB 0x388 b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] b88.3fc8: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)] b88.3fc8: ProductName: Avast Antivirus b88.3fc8: ProductVersion: 22.10.441.0 b88.3fc8: FileVersion: 22.10.441.0 b88.3fc8: FileDescription: Avast VM Monitor b88.3fc8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox' b88.3fc8: Calling main() b88.3fc8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 b88.3fc8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox' b88.3fc8: SUPR3HardenedMain: Respawn #1 b88.3fc8: System32: \Device\HarddiskVolume8\Windows\System32 b88.3fc8: WinSxS: \Device\HarddiskVolume8\Windows\WinSxS b88.3fc8: KnownDllPath: C:\Windows\System32 b88.3fc8: supR3HardenedWinInit: Performing a limited self purification... b88.3fc8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION b88.3fc8: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000 b88.3fc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 b88.3fc8: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000 b88.3fc8: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000 b88.3fc8: 000000007ffe8000-00000041f77fffff 0x0001/0x0000 0x0000000 b88.3fc8: *00000041f7800000-00000041f7993fff 0x0000/0x0004 0x0020000 b88.3fc8: 00000041f7994000-00000041f7996fff 0x0004/0x0004 0x0020000 b88.3fc8: 00000041f7997000-00000041f79fffff 0x0000/0x0004 0x0020000 b88.3fc8: *00000041f7a00000-00000041f7ab0fff 0x0000/0x0004 0x0020000 b88.3fc8: 00000041f7ab1000-00000041f7ab3fff 0x0104/0x0004 0x0020000 b88.3fc8: 00000041f7ab4000-00000041f7afffff 0x0004/0x0004 0x0020000 b88.3fc8: 00000041f7b00000-000001f2ca3affff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca3b0000-000001f2ca3b0fff 0x0002/0x0002 0x0040000 b88.3fc8: 000001f2ca3b1000-000001f2ca3bffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca3c0000-000001f2ca3c0fff 0x0002/0x0002 0x0040000 b88.3fc8: 000001f2ca3c1000-000001f2ca3cffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca3d0000-000001f2ca3eefff 0x0002/0x0002 0x0040000 b88.3fc8: 000001f2ca3ef000-000001f2ca3effff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca3f0000-000001f2ca3f0fff 0x0020/0x0020 0x0040000 !! b88.3fc8: 000001f2ca3f1000-000001f2ca3fffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca400000-000001f2ca403fff 0x0002/0x0002 0x0040000 b88.3fc8: 000001f2ca404000-000001f2ca40ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca410000-000001f2ca410fff 0x0002/0x0002 0x0040000 b88.3fc8: 000001f2ca411000-000001f2ca41ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca420000-000001f2ca421fff 0x0004/0x0004 0x0020000 b88.3fc8: 000001f2ca422000-000001f2ca42ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca430000-000001f2ca432fff 0x0002/0x0002 0x0040000 b88.3fc8: 000001f2ca433000-000001f2ca43ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca440000-000001f2ca441fff 0x0004/0x0004 0x0020000 b88.3fc8: 000001f2ca442000-000001f2ca4a1fff 0x0000/0x0004 0x0020000 b88.3fc8: 000001f2ca4a2000-000001f2ca4affff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca4b0000-000001f2ca4b9fff 0x0004/0x0004 0x0020000 b88.3fc8: 000001f2ca4ba000-000001f2ca5affff 0x0000/0x0004 0x0020000 b88.3fc8: *000001f2ca5b0000-000001f2ca5b0fff 0x0002/0x0002 0x0040000 b88.3fc8: 000001f2ca5b1000-000001f2ca5bffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca5c0000-000001f2ca5cffff 0x0004/0x0004 0x0040000 b88.3fc8: *000001f2ca5d0000-000001f2ca5d2fff 0x0002/0x0002 0x0040000 b88.3fc8: 000001f2ca5d3000-000001f2ca5dffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca5e0000-000001f2ca6adfff 0x0002/0x0002 0x0040000 b88.3fc8: 000001f2ca6ae000-000001f2ca6affff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca6b0000-000001f2ca6befff 0x0004/0x0004 0x0020000 b88.3fc8: 000001f2ca6bf000-000001f2ca6bffff 0x0000/0x0004 0x0020000 b88.3fc8: *000001f2ca6c0000-000001f2ca6c1fff 0x0000/0x0004 0x0020000 b88.3fc8: 000001f2ca6c2000-000001f2ca8cbfff 0x0004/0x0004 0x0020000 b88.3fc8: 000001f2ca8cc000-000001f2ca8ccfff 0x0000/0x0004 0x0020000 b88.3fc8: 000001f2ca8cd000-000001f2ca8cffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca8d0000-000001f2ca8d1fff 0x0004/0x0004 0x0020000 b88.3fc8: 000001f2ca8d2000-000001f2ca931fff 0x0000/0x0004 0x0020000 b88.3fc8: 000001f2ca932000-000001f2ca93ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001f2ca940000-000001f2ca96dfff 0x0004/0x0004 0x0020000 b88.3fc8: 000001f2ca96e000-000001f2caa3ffff 0x0000/0x0004 0x0020000 b88.3fc8: 000001f2caa40000-00007df47381ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007df473820000-00007df473824fff 0x0002/0x0002 0x0040000 b88.3fc8: 00007df473825000-00007df47391ffff 0x0000/0x0002 0x0040000 b88.3fc8: *00007df473920000-00007df57393ffff 0x0000/0x0004 0x0020000 b88.3fc8: *00007df573940000-00007df57593ffff 0x0000/0x0004 0x0020000 b88.3fc8: 00007df575940000-00007df575940fff 0x0004/0x0004 0x0020000 b88.3fc8: 00007df575941000-00007df57594ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007df575950000-00007df575950fff 0x0002/0x0002 0x0040000 b88.3fc8: 00007df575951000-00007df57595ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007df575960000-00007df5776f1fff 0x0000/0x0001 0x0040000 b88.3fc8: 00007df5776f2000-00007df577759fff 0x0001/0x0001 0x0040000 b88.3fc8: 00007df57775a000-00007dfd40beefff 0x0000/0x0001 0x0040000 b88.3fc8: 00007dfd40bef000-00007dfd40beffff 0x0002/0x0001 0x0040000 b88.3fc8: 00007dfd40bf0000-00007ff54d9b8fff 0x0000/0x0001 0x0040000 b88.3fc8: 00007ff54d9b9000-00007ff54d9befff 0x0002/0x0001 0x0040000 b88.3fc8: 00007ff54d9bf000-00007ff569139fff 0x0000/0x0001 0x0040000 b88.3fc8: 00007ff56913a000-00007ff56bf1ffff 0x0001/0x0001 0x0040000 b88.3fc8: 00007ff56bf20000-00007ff56bf20fff 0x0002/0x0001 0x0040000 b88.3fc8: 00007ff56bf21000-00007ff56c193fff 0x0001/0x0001 0x0040000 b88.3fc8: 00007ff56c194000-00007ff56c194fff 0x0002/0x0001 0x0040000 b88.3fc8: 00007ff56c195000-00007ff56ce6ffff 0x0001/0x0001 0x0040000 b88.3fc8: 00007ff56ce70000-00007ff56ce7efff 0x0002/0x0001 0x0040000 b88.3fc8: 00007ff56ce7f000-00007ff56cea8fff 0x0001/0x0001 0x0040000 b88.3fc8: 00007ff56cea9000-00007ff56ceacfff 0x0002/0x0001 0x0040000 b88.3fc8: 00007ff56cead000-00007ff56cf1cfff 0x0001/0x0001 0x0040000 b88.3fc8: 00007ff56cf1d000-00007ff56cf25fff 0x0002/0x0001 0x0040000 b88.3fc8: 00007ff56cf26000-00007ff57595ffff 0x0000/0x0001 0x0040000 b88.3fc8: 00007ff575960000-00007ff60166ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007ff601670000-00007ff601670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601671000-00007ff6016dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff6016db000-00007ff6016dbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff6016dc000-00007ff60172efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff60172f000-00007ff601731fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601732000-00007ff601734fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601735000-00007ff601737fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601738000-00007ff601738fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601739000-00007ff60173afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff60173b000-00007ff60173bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff60173c000-00007ff601783fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601784000-00007ffd9702ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007ffd97030000-00007ffd9703ffff 0x0020/0x0040 0x0020000 !! b88.3fc8: 00007ffd97040000-00007ffda0d1ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007ffda0d20000-00007ffda0d20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d20000 LB 0x1000 (base 00007ffda0d20000) - 'aswhook.dll' b88.3fc8: 00007ffda0d21000-00007ffda0d2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d21000 LB 0xa000 (base 00007ffda0d20000) - 'aswhook.dll' b88.3fc8: 00007ffda0d2b000-00007ffda0d2dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d2b000 LB 0x3000 (base 00007ffda0d20000) - 'aswhook.dll' b88.3fc8: 00007ffda0d2e000-00007ffda0d2ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d2e000 LB 0x2000 (base 00007ffda0d20000) - 'aswhook.dll' b88.3fc8: 00007ffda0d30000-00007ffda0d33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d30000 LB 0x4000 (base 00007ffda0d20000) - 'aswhook.dll' b88.3fc8: 00007ffda0d34000-00007ffda0d34fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d34000 LB 0x1000 (base 00007ffda0d20000) - 'aswhook.dll' b88.3fc8: 00007ffda0d35000-00007ffda0d36fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d35000 LB 0x2000 (base 00007ffda0d20000) - 'aswhook.dll' b88.3fc8: 00007ffda0d37000-00007ffdd440ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007ffdd4410000-00007ffdd4410fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\KernelBase.dll b88.3fc8: 00007ffdd4411000-00007ffdd4587fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\KernelBase.dll b88.3fc8: 00007ffdd4588000-00007ffdd473cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\KernelBase.dll b88.3fc8: 00007ffdd473d000-00007ffdd4741fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\KernelBase.dll b88.3fc8: 00007ffdd4742000-00007ffdd478afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\KernelBase.dll b88.3fc8: 00007ffdd478b000-00007ffdd526ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007ffdd5270000-00007ffdd5270fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll b88.3fc8: 00007ffdd5271000-00007ffdd52eefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll b88.3fc8: 00007ffdd52ef000-00007ffdd5322fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll b88.3fc8: 00007ffdd5323000-00007ffdd5323fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll b88.3fc8: 00007ffdd5324000-00007ffdd5324fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll b88.3fc8: 00007ffdd5325000-00007ffdd532dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll b88.3fc8: 00007ffdd532e000-00007ffdd6f3ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007ffdd6f40000-00007ffdd6f40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd6f41000-00007ffdd706bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd706c000-00007ffdd70b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70b4000-00007ffdd70b4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70b5000-00007ffdd70b6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70b7000-00007ffdd70bffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70c0000-00007ffdd7148fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd7149000-00007ffffffeffff 0x0001/0x0000 0x0000000 b88.3fc8: kernel32.dll: timestamp 0x9416e42c (rc=VINF_SUCCESS) b88.3fc8: kernelbase.dll: timestamp 0x2a439301 (rc=VINF_SUCCESS) b88.3fc8: VirtualBoxVM.exe: timestamp 0x6375031d (rc=VINF_SUCCESS) b88.3fc8: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 b88.3fc8: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports b88.3fc8: VirtualBoxVM.exe: Differences in section #7 (.00cfg) between file and memory: b88.3fc8: 00007ff601743000 / 0x00d3000: 00 != e0 b88.3fc8: 00007ff601743001 / 0x00d3001: 0d != 35 b88.3fc8: 00007ff601743002 / 0x00d3002: 69 != fd b88.3fc8: 00007ff601743003 / 0x00d3003: 01 != d6 b88.3fc8: 00007ff601743004 / 0x00d3004: f6 != fd b88.3fc8: 00007ff601743008 / 0x00d3008: 00 != e0 b88.3fc8: 00007ff601743009 / 0x00d3009: 0d != 35 b88.3fc8: 00007ff60174300a / 0x00d300a: 69 != fd b88.3fc8: 00007ff60174300b / 0x00d300b: 01 != d6 b88.3fc8: 00007ff60174300c / 0x00d300c: f6 != fd b88.3fc8: 00007ff601743011 / 0x00d3011: ab != 37 b88.3fc8: 00007ff601743012 / 0x00d3012: 6d != fd b88.3fc8: 00007ff601743013 / 0x00d3013: 01 != d6 b88.3fc8: 00007ff601743014 / 0x00d3014: f6 != fd b88.3fc8: 00007ff601743018 / 0x00d3018: 40 != 20 b88.3fc8: 00007ff601743019 / 0x00d3019: ab != 37 b88.3fc8: 00007ff60174301a / 0x00d301a: 6d != fd b88.3fc8: 00007ff60174301b / 0x00d301b: 01 != d6 b88.3fc8: 00007ff60174301c / 0x00d301c: f6 != fd b88.3fc8: 00007ff601743020 / 0x00d3020: 40 != 20 b88.3fc8: 00007ff601743021 / 0x00d3021: ab != 37 b88.3fc8: 00007ff601743022 / 0x00d3022: 6d != fd b88.3fc8: 00007ff601743023 / 0x00d3023: 01 != d6 b88.3fc8: 00007ff601743024 / 0x00d3024: f6 != fd b88.3fc8: Restored 0x28 bytes of original file content at 00007ff601743000 b88.3fc8: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory: b88.3fc8: 00007ff6017825f4 / 0x01125f4: 00 != 50 b88.3fc8: 00007ff6017825f5 / 0x01125f5: 00 != 41 b88.3fc8: 00007ff6017825f6 / 0x01125f6: 00 != 44 b88.3fc8: 00007ff6017825f7 / 0x01125f7: 00 != 44 b88.3fc8: 00007ff6017825f8 / 0x01125f8: 00 != 49 b88.3fc8: 00007ff6017825f9 / 0x01125f9: 00 != 4e b88.3fc8: 00007ff6017825fa / 0x01125fa: 00 != 47 b88.3fc8: 00007ff6017825fb / 0x01125fb: 00 != 58 b88.3fc8: 00007ff6017825fc / 0x01125fc: 00 != 58 b88.3fc8: 00007ff6017825fd / 0x01125fd: 00 != 50 b88.3fc8: 00007ff6017825fe / 0x01125fe: 00 != 41 b88.3fc8: 00007ff6017825ff / 0x01125ff: 00 != 44 b88.3fc8: Restored 0xa0c bytes of original file content at 00007ff6017825f4 b88.3fc8: '\Device\HarddiskVolume8\Windows\System32\ntdll.dll' has no imports b88.3fc8: ntdll.dll: Differences in section #1 (.text) between file and memory: b88.3fc8: 00007ffdd6f76c50 / 0x0036c50: 4c != e9 b88.3fc8: 00007ffdd6f76c51 / 0x0036c51: 89 != 83 b88.3fc8: 00007ffdd6f76c52 / 0x0036c52: 4c != 95 b88.3fc8: 00007ffdd6f76c53 / 0x0036c53: 24 != 0b b88.3fc8: 00007ffdd6f76c54 / 0x0036c54: 20 != c0 b88.3fc8: 00007ffdd6f76c55 / 0x0036c55: 48 != cc b88.3fc8: 00007ffdd6f76c56 / 0x0036c56: 89 != cc b88.3fc8: 00007ffdd6f76c57 / 0x0036c57: 54 != cc b88.3fc8: 00007ffdd6f76c58 / 0x0036c58: 24 != cc b88.3fc8: 00007ffdd6f76c59 / 0x0036c59: 10 != cc b88.3fc8: Restored 0x2000 bytes of original file content at 00007ffdd6f75000 b88.3fc8: ntdll.dll: Differences in section #1 (.text) between file and memory: b88.3fc8: 00007ffdd6f7adb0 / 0x003adb0: 48 != e9 b88.3fc8: 00007ffdd6f7adb1 / 0x003adb1: 89 != 83 b88.3fc8: 00007ffdd6f7adb2 / 0x003adb2: 5c != 54 b88.3fc8: 00007ffdd6f7adb3 / 0x003adb3: 24 != 0b b88.3fc8: 00007ffdd6f7adb4 / 0x003adb4: 10 != c0 b88.3fc8: 00007ffdd6f7adb5 / 0x003adb5: 56 != cc b88.3fc8: Restored 0x2000 bytes of original file content at 00007ffdd6f79000 b88.3fc8: ntdll.dll: Differences in section #1 (.text) between file and memory: b88.3fc8: 00007ffdd7041aa0 / 0x0101aa0: 48 != e9 b88.3fc8: 00007ffdd7041aa1 / 0x0101aa1: 89 != d3 b88.3fc8: 00007ffdd7041aa2 / 0x0101aa2: 5c != e6 b88.3fc8: 00007ffdd7041aa3 / 0x0101aa3: 24 != fe b88.3fc8: 00007ffdd7041aa4 / 0x0101aa4: 08 != bf b88.3fc8: 00007ffdd7041aa5 / 0x0101aa5: 48 != cc b88.3fc8: 00007ffdd7041aa6 / 0x0101aa6: 89 != cc b88.3fc8: 00007ffdd7041aa7 / 0x0101aa7: 74 != cc b88.3fc8: 00007ffdd7041aa8 / 0x0101aa8: 24 != cc b88.3fc8: 00007ffdd7041aa9 / 0x0101aa9: 10 != cc b88.3fc8: Restored 0x2000 bytes of original file content at 00007ffdd703fb0e b88.3fc8: ntdll.dll: Differences in section #8 (.00cfg) between file and memory: b88.3fc8: 00007ffdd70d3000 / 0x0193000: 60 != 20 b88.3fc8: 00007ffdd70d3001 / 0x0193001: a5 != 37 b88.3fc8: 00007ffdd70d3002 / 0x0193002: fe != fd b88.3fc8: 00007ffdd70d3008 / 0x0193008: d0 != e0 b88.3fc8: 00007ffdd70d3009 / 0x0193009: 34 != 35 b88.3fc8: 00007ffdd70d3010 / 0x0193010: 80 != 20 b88.3fc8: 00007ffdd70d3011 / 0x0193011: a5 != 37 b88.3fc8: 00007ffdd70d3012 / 0x0193012: fe != fd b88.3fc8: 00007ffdd70d3018 / 0x0193018: 80 != 20 b88.3fc8: 00007ffdd70d3019 / 0x0193019: a5 != 37 b88.3fc8: 00007ffdd70d301a / 0x019301a: fe != fd b88.3fc8: Restored 0x20 bytes of original file content at 00007ffdd70d3000 b88.3fc8: kernel32.dll: Differences in section #2 (.rdata) between file and memory: b88.3fc8: 00007ffdd52f33c8 / 0x00833c8: 10 != e0 b88.3fc8: 00007ffdd52f33c9 / 0x00833c9: 30 != 35 b88.3fc8: 00007ffdd52f33ca / 0x00833ca: 29 != fd b88.3fc8: 00007ffdd52f33cb / 0x00833cb: d5 != d6 b88.3fc8: 00007ffdd52f33d0 / 0x00833d0: a0 != 20 b88.3fc8: 00007ffdd52f33d1 / 0x00833d1: 54 != 37 b88.3fc8: 00007ffdd52f33d2 / 0x00833d2: 29 != fd b88.3fc8: 00007ffdd52f33d3 / 0x00833d3: d5 != d6 b88.3fc8: 00007ffdd52f33d8 / 0x00833d8: 10 != e0 b88.3fc8: 00007ffdd52f33d9 / 0x00833d9: 30 != 35 b88.3fc8: 00007ffdd52f33da / 0x00833da: 29 != fd b88.3fc8: 00007ffdd52f33db / 0x00833db: d5 != d6 b88.3fc8: 00007ffdd52f33e0 / 0x00833e0: c0 != 20 b88.3fc8: 00007ffdd52f33e1 / 0x00833e1: 54 != 37 b88.3fc8: 00007ffdd52f33e2 / 0x00833e2: 29 != fd b88.3fc8: 00007ffdd52f33e3 / 0x00833e3: d5 != d6 b88.3fc8: 00007ffdd52f33e8 / 0x00833e8: c0 != 20 b88.3fc8: 00007ffdd52f33e9 / 0x00833e9: 54 != 37 b88.3fc8: 00007ffdd52f33ea / 0x00833ea: 29 != fd b88.3fc8: 00007ffdd52f33eb / 0x00833eb: d5 != d6 b88.3fc8: Restored 0x2000 bytes of original file content at 00007ffdd52f3000 b88.3fc8: kernelbase.dll: Differences in section #2 (.rdata) between file and memory: b88.3fc8: 00007ffdd4652e80 / 0x0242e80: f0 != e0 b88.3fc8: 00007ffdd4652e81 / 0x0242e81: d0 != 35 b88.3fc8: 00007ffdd4652e82 / 0x0242e82: 4c != fd b88.3fc8: 00007ffdd4652e83 / 0x0242e83: d4 != d6 b88.3fc8: 00007ffdd4652e88 / 0x0242e88: a0 != 20 b88.3fc8: 00007ffdd4652e89 / 0x0242e89: d4 != 37 b88.3fc8: 00007ffdd4652e8a / 0x0242e8a: 4c != fd b88.3fc8: 00007ffdd4652e8b / 0x0242e8b: d4 != d6 b88.3fc8: 00007ffdd4652e90 / 0x0242e90: f0 != e0 b88.3fc8: 00007ffdd4652e91 / 0x0242e91: d0 != 35 b88.3fc8: 00007ffdd4652e92 / 0x0242e92: 4c != fd b88.3fc8: 00007ffdd4652e93 / 0x0242e93: d4 != d6 b88.3fc8: 00007ffdd4652e98 / 0x0242e98: c0 != 20 b88.3fc8: 00007ffdd4652e99 / 0x0242e99: d4 != 37 b88.3fc8: 00007ffdd4652e9a / 0x0242e9a: 4c != fd b88.3fc8: 00007ffdd4652e9b / 0x0242e9b: d4 != d6 b88.3fc8: 00007ffdd4652ea0 / 0x0242ea0: c0 != 20 b88.3fc8: 00007ffdd4652ea1 / 0x0242ea1: d4 != 37 b88.3fc8: 00007ffdd4652ea2 / 0x0242ea2: 4c != fd b88.3fc8: 00007ffdd4652ea3 / 0x0242ea3: d4 != d6 b88.3fc8: Restored 0x2000 bytes of original file content at 00007ffdd4652000 b88.3fc8: supHardNtVpCheckHandles: b88.3fc8: supHardNtVpCheckHandles: Marked Mutant handle non-inheritable: 0000000000001580 b88.3fc8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=9 b88.3fc8: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 b88.3fc8: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports b88.3fc8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) b88.3fc8: supR3HardNtEnableThreadCreationEx: b88.3fc8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd6fbac10 pvNtTerminateThread=00007ffdd6fe45d0 b88.3fc8: supR3HardenedWinDoReSpawn(1): New child 3d74.10f0 [kernel32]. b88.3fc8: supR3HardNtChildGatherData: PebBaseAddress=0000006c6b3da000 cbPeb=0x388 b88.3fc8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffdd6f40000 uNtDllChildAddr=00007ffdd6f40000 b88.3fc8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffdd6fbac10 b88.3fc8: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff60167b7a0 rdx=0000006c6b3da000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffdd6f44830 rsp=0000006c6b15fdd8 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 b88.3fc8: supR3HardenedWinSetupChildInit: Start child. b88.3fc8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. b88.3fc8: supR3HardNtChildPurify: Startup delay kludge #1/0: 522 ms, 33 sleeps b88.3fc8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION b88.3fc8: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000 b88.3fc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 b88.3fc8: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000 b88.3fc8: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000 b88.3fc8: 000000007ffe8000-0000006c6b05ffff 0x0001/0x0000 0x0000000 b88.3fc8: *0000006c6b060000-0000006c6b15afff 0x0000/0x0004 0x0020000 b88.3fc8: 0000006c6b15b000-0000006c6b15dfff 0x0104/0x0004 0x0020000 b88.3fc8: 0000006c6b15e000-0000006c6b15ffff 0x0004/0x0004 0x0020000 b88.3fc8: 0000006c6b160000-0000006c6b1fffff 0x0001/0x0000 0x0000000 b88.3fc8: *0000006c6b200000-0000006c6b3d9fff 0x0000/0x0004 0x0020000 b88.3fc8: 0000006c6b3da000-0000006c6b3dcfff 0x0004/0x0004 0x0020000 b88.3fc8: 0000006c6b3dd000-0000006c6b3fffff 0x0000/0x0004 0x0020000 b88.3fc8: 0000006c6b400000-000001dc5d2effff 0x0001/0x0000 0x0000000 b88.3fc8: *000001dc5d2f0000-000001dc5d30ffff 0x0004/0x0004 0x0020000 b88.3fc8: *000001dc5d310000-000001dc5d32efff 0x0002/0x0002 0x0040000 b88.3fc8: 000001dc5d32f000-000001dc5d32ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001dc5d330000-000001dc5d330fff 0x0020/0x0020 0x0040000 !! b88.3fc8: supHardNtVpScanVirtualMemory: Unmapping exec mem at 000001dc5d330000 (000001dc5d330000/000001dc5d330000 LB 0x1000) b88.3fc8: 000001dc5d331000-000001dc5d33ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001dc5d340000-000001dc5d343fff 0x0002/0x0002 0x0040000 b88.3fc8: 000001dc5d344000-000001dc5d34ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001dc5d350000-000001dc5d350fff 0x0002/0x0002 0x0040000 b88.3fc8: 000001dc5d351000-000001dc5d35ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001dc5d360000-000001dc5d361fff 0x0004/0x0004 0x0020000 b88.3fc8: 000001dc5d362000-00007df5be02ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007df5be030000-00007df5be030fff 0x0002/0x0002 0x0040000 b88.3fc8: 00007df5be031000-00007df5be03ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007df5be040000-00007df5bfdd1fff 0x0000/0x0001 0x0040000 b88.3fc8: 00007df5bfdd2000-00007df5bfe39fff 0x0001/0x0001 0x0040000 b88.3fc8: 00007df5bfe3a000-00007dfd2f78bfff 0x0000/0x0001 0x0040000 b88.3fc8: 00007dfd2f78c000-00007dfd2f78cfff 0x0002/0x0001 0x0040000 b88.3fc8: 00007dfd2f78d000-00007ff596098fff 0x0000/0x0001 0x0040000 b88.3fc8: 00007ff596099000-00007ff59609efff 0x0002/0x0001 0x0040000 b88.3fc8: 00007ff59609f000-00007ff5b1819fff 0x0000/0x0001 0x0040000 b88.3fc8: 00007ff5b181a000-00007ff5b55fcfff 0x0001/0x0001 0x0040000 b88.3fc8: 00007ff5b55fd000-00007ff5b5605fff 0x0002/0x0001 0x0040000 b88.3fc8: 00007ff5b5606000-00007ff5be03ffff 0x0000/0x0001 0x0040000 b88.3fc8: 00007ff5be040000-00007ff60166ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007ff601670000-00007ff601670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601671000-00007ff6016dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff6016db000-00007ff6016dbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff6016dc000-00007ff60172efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff60172f000-00007ff60172ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601730000-00007ff601730fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601731000-00007ff601735fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601736000-00007ff60173bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff60173c000-00007ff601783fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601784000-00007ffdd6f3ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007ffdd6f40000-00007ffdd6f40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd6f41000-00007ffdd706bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd706c000-00007ffdd70b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70b4000-00007ffdd70bffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70c0000-00007ffdd70cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70cf000-00007ffdd70cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70d0000-00007ffdd70d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70d3000-00007ffdd7148fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd7149000-00007ffffffeffff 0x0001/0x0000 0x0000000 b88.3fc8: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory: b88.3fc8: 00007ff6017825f4 / 0x01125f4: 00 != 50 b88.3fc8: 00007ff6017825f5 / 0x01125f5: 00 != 41 b88.3fc8: 00007ff6017825f6 / 0x01125f6: 00 != 44 b88.3fc8: 00007ff6017825f7 / 0x01125f7: 00 != 44 b88.3fc8: 00007ff6017825f8 / 0x01125f8: 00 != 49 b88.3fc8: 00007ff6017825f9 / 0x01125f9: 00 != 4e b88.3fc8: 00007ff6017825fa / 0x01125fa: 00 != 47 b88.3fc8: 00007ff6017825fb / 0x01125fb: 00 != 58 b88.3fc8: 00007ff6017825fc / 0x01125fc: 00 != 58 b88.3fc8: 00007ff6017825fd / 0x01125fd: 00 != 50 b88.3fc8: 00007ff6017825fe / 0x01125fe: 00 != 41 b88.3fc8: 00007ff6017825ff / 0x01125ff: 00 != 44 b88.3fc8: Restored 0xa0c bytes of original file content at 00007ff6017825f4 b88.3fc8: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x4 b88.3fc8: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 33 sleeps b88.3fc8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION b88.3fc8: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000 b88.3fc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 b88.3fc8: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000 b88.3fc8: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000 b88.3fc8: 000000007ffe8000-0000006c6b05ffff 0x0001/0x0000 0x0000000 b88.3fc8: *0000006c6b060000-0000006c6b15afff 0x0000/0x0004 0x0020000 b88.3fc8: 0000006c6b15b000-0000006c6b15dfff 0x0104/0x0004 0x0020000 b88.3fc8: 0000006c6b15e000-0000006c6b15ffff 0x0004/0x0004 0x0020000 b88.3fc8: 0000006c6b160000-0000006c6b1fffff 0x0001/0x0000 0x0000000 b88.3fc8: *0000006c6b200000-0000006c6b3d9fff 0x0000/0x0004 0x0020000 b88.3fc8: 0000006c6b3da000-0000006c6b3dcfff 0x0004/0x0004 0x0020000 b88.3fc8: 0000006c6b3dd000-0000006c6b3fffff 0x0000/0x0004 0x0020000 b88.3fc8: 0000006c6b400000-000001dc5d2effff 0x0001/0x0000 0x0000000 b88.3fc8: *000001dc5d2f0000-000001dc5d30ffff 0x0004/0x0004 0x0020000 b88.3fc8: *000001dc5d310000-000001dc5d32efff 0x0002/0x0002 0x0040000 b88.3fc8: 000001dc5d32f000-000001dc5d33ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001dc5d340000-000001dc5d343fff 0x0002/0x0002 0x0040000 b88.3fc8: 000001dc5d344000-000001dc5d34ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001dc5d350000-000001dc5d350fff 0x0002/0x0002 0x0040000 b88.3fc8: 000001dc5d351000-000001dc5d35ffff 0x0001/0x0000 0x0000000 b88.3fc8: *000001dc5d360000-000001dc5d361fff 0x0004/0x0004 0x0020000 b88.3fc8: 000001dc5d362000-00007df5be02ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007df5be030000-00007df5be030fff 0x0002/0x0002 0x0040000 b88.3fc8: 00007df5be031000-00007df5be03ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007df5be040000-00007df5bfdd1fff 0x0000/0x0001 0x0040000 b88.3fc8: 00007df5bfdd2000-00007df5bfe39fff 0x0001/0x0001 0x0040000 b88.3fc8: 00007df5bfe3a000-00007dfd2f78bfff 0x0000/0x0001 0x0040000 b88.3fc8: 00007dfd2f78c000-00007dfd2f78cfff 0x0002/0x0001 0x0040000 b88.3fc8: 00007dfd2f78d000-00007ff596098fff 0x0000/0x0001 0x0040000 b88.3fc8: 00007ff596099000-00007ff59609efff 0x0002/0x0001 0x0040000 b88.3fc8: 00007ff59609f000-00007ff5b1819fff 0x0000/0x0001 0x0040000 b88.3fc8: 00007ff5b181a000-00007ff5b55fcfff 0x0001/0x0001 0x0040000 b88.3fc8: 00007ff5b55fd000-00007ff5b5605fff 0x0002/0x0001 0x0040000 b88.3fc8: 00007ff5b5606000-00007ff5be03ffff 0x0000/0x0001 0x0040000 b88.3fc8: 00007ff5be040000-00007ff60166ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007ff601670000-00007ff601670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601671000-00007ff6016dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff6016db000-00007ff6016dbfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff6016dc000-00007ff60172efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff60172f000-00007ff60173bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff60173c000-00007ff601783fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b88.3fc8: 00007ff601784000-00007ffdd6f3ffff 0x0001/0x0000 0x0000000 b88.3fc8: *00007ffdd6f40000-00007ffdd6f40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd6f41000-00007ffdd706bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd706c000-00007ffdd70b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70b4000-00007ffdd70b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70b8000-00007ffdd70bffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70c0000-00007ffdd70cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70cf000-00007ffdd70cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70d0000-00007ffdd70d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd70d3000-00007ffdd7148fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll b88.3fc8: 00007ffdd7149000-00007ffffffeffff 0x0001/0x0000 0x0000000 b88.3fc8: supR3HardNtChildPurify: Done after 1041 ms and 2 fixes (loop #1). 3d74.10f0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffdd6f40000 g_uNtVerCombined=0xa055f000 (stack ~0000006c6b15eba0) 3d74.10f0: ntdll.dll: timestamp 0x57b668f2 (rc=VINF_SUCCESS) 3d74.10f0: New simple heap: #1 000001dc5d470000 LB 0x800000 (for 2134016 allocation) b88.3fc8: supR3HardNtEnableThreadCreationEx: 3d74.10f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox' 3d74.10f0: System32: \Device\HarddiskVolume8\Windows\System32 3d74.10f0: WinSxS: \Device\HarddiskVolume8\Windows\WinSxS 3d74.10f0: KnownDllPath: C:\Windows\System32 3d74.10f0: supR3HardenedVmProcessInit: Opening vboxsup stub... 3d74.10f0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 3d74.10f0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 3d74.10f0: Registered Dll notification callback with NTDLL. 3d74.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\kernel32.dll) 3d74.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\kernel32.dll 3d74.10f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 3d74.10f0: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=000001dc5d330088 enmState=3 -> supR3HardenedWinDummyApcRoutine 3d74.10f0: supR3HardenedWinDummyApcRoutine: pvArg1=000001dc5d330000 pvArg2=0000000000000000 pvArg3=0000000000000000 3d74.10f0: supR3HardenedDllNotificationCallback: load 00007ffdd4410000 LB 0x0037b000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 3d74.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\KernelBase.dll) 3d74.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\KernelBase.dll 3d74.10f0: supR3HardenedDllNotificationCallback: load 00007ffdd5270000 LB 0x000be000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 3d74.10f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3d74.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\KERNEL32.DLL' 3d74.10f0: supR3HardenedDllNotificationCallback: load 00007ff601670000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 3d74.10f0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 3d74.10f0: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 3d74.10f0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 3d74.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd6fbac10 pvNtTerminateThread=00007ffdd6fe45d0 b88.3fc8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 63 ms. 3d74.10f0: \SystemRoot\System32\ntdll.dll: 3d74.10f0: CreationTime: 2022-09-15T09:57:05.594340100Z 3d74.10f0: LastWriteTime: 2022-09-15T09:57:05.628540200Z 3d74.10f0: ChangeTime: 2022-11-09T23:47:10.845416100Z 3d74.10f0: FileAttributes: 0x20 3d74.10f0: Size: 0x207df8 3d74.10f0: NT Headers: 0xe0 3d74.10f0: Timestamp: 0x57b668f2 3d74.10f0: Machine: 0x8664 - amd64 3d74.10f0: Timestamp: 0x57b668f2 3d74.10f0: Image Version: 10.0 3d74.10f0: SizeOfImage: 0x209000 (2134016) 3d74.10f0: Resource Dir: 0x194000 LB 0x73528 3d74.10f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d74.10f0: [Raw version resource data: 0x1940f0 LB 0x380, codepage 0x0 (reserved 0x0)] 3d74.10f0: ProductName: Microsoft® Windows® Operating System 3d74.10f0: ProductVersion: 10.0.22000.918 3d74.10f0: FileVersion: 10.0.22000.918 (WinBuild.160101.0800) 3d74.10f0: FileDescription: NT Layer DLL 3d74.10f0: \SystemRoot\System32\kernel32.dll: 3d74.10f0: CreationTime: 2022-11-09T23:45:56.720455400Z 3d74.10f0: LastWriteTime: 2022-11-09T23:45:56.734459100Z 3d74.10f0: ChangeTime: 2022-11-10T13:40:54.323737900Z 3d74.10f0: FileAttributes: 0x20 3d74.10f0: Size: 0xc1060 3d74.10f0: NT Headers: 0xe8 3d74.10f0: Timestamp: 0x9416e42c 3d74.10f0: Machine: 0x8664 - amd64 3d74.10f0: Timestamp: 0x9416e42c 3d74.10f0: Image Version: 10.0 3d74.10f0: SizeOfImage: 0xbe000 (778240) 3d74.10f0: Resource Dir: 0xbc000 LB 0x520 3d74.10f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d74.10f0: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 3d74.10f0: ProductName: Microsoft® Windows® Operating System 3d74.10f0: ProductVersion: 10.0.22000.1219 3d74.10f0: FileVersion: 10.0.22000.1219 (WinBuild.160101.0800) 3d74.10f0: FileDescription: Windows NT BASE API Client DLL 3d74.10f0: \SystemRoot\System32\KernelBase.dll: 3d74.10f0: CreationTime: 2022-11-09T23:46:00.173868600Z 3d74.10f0: LastWriteTime: 2022-11-09T23:46:00.263888800Z 3d74.10f0: ChangeTime: 2022-11-10T13:40:54.354991400Z 3d74.10f0: FileAttributes: 0x20 3d74.10f0: Size: 0x3822b8 3d74.10f0: NT Headers: 0xf8 3d74.10f0: Timestamp: 0x2a439301 3d74.10f0: Machine: 0x8664 - amd64 3d74.10f0: Timestamp: 0x2a439301 3d74.10f0: Image Version: 10.0 3d74.10f0: SizeOfImage: 0x37b000 (3649536) 3d74.10f0: Resource Dir: 0x34b000 LB 0x548 3d74.10f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d74.10f0: [Raw version resource data: 0x34b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 3d74.10f0: ProductName: Microsoft® Windows® Operating System 3d74.10f0: ProductVersion: 10.0.22000.1165 3d74.10f0: FileVersion: 10.0.22000.1165 (WinBuild.160101.0800) 3d74.10f0: FileDescription: Windows NT BASE API Client DLL 3d74.10f0: \SystemRoot\System32\apisetschema.dll: 3d74.10f0: CreationTime: 2021-06-05T12:04:59.928787900Z 3d74.10f0: LastWriteTime: 2021-06-05T12:04:59.928787900Z 3d74.10f0: ChangeTime: 2022-11-09T23:47:09.633374300Z 3d74.10f0: FileAttributes: 0x20 3d74.10f0: Size: 0x24150 3d74.10f0: NT Headers: 0xc8 3d74.10f0: Timestamp: 0x68d1dbaf 3d74.10f0: Machine: 0x8664 - amd64 3d74.10f0: Timestamp: 0x68d1dbaf 3d74.10f0: Image Version: 10.0 3d74.10f0: SizeOfImage: 0x23000 (143360) 3d74.10f0: Resource Dir: 0x22000 LB 0x408 3d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d74.10f0: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 3d74.10f0: ProductName: Microsoft® Windows® Operating System 3d74.10f0: ProductVersion: 10.0.22000.1 3d74.10f0: FileVersion: 10.0.22000.1 (WinBuild.160101.0800) 3d74.10f0: FileDescription: ApiSet Schema DLL 3d74.10f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022 3d74.10f0: supR3HardenedWinFindAdversaries: 0x4 3d74.10f0: \SystemRoot\System32\drivers\aswMonFlt.sys: 3d74.10f0: CreationTime: 2022-03-14T16:18:13.893635300Z 3d74.10f0: LastWriteTime: 2022-11-01T13:01:12.555584300Z 3d74.10f0: ChangeTime: 2022-11-01T13:01:12.555584300Z 3d74.10f0: FileAttributes: 0x20 3d74.10f0: Size: 0x43828 3d74.10f0: NT Headers: 0xe0 3d74.10f0: Timestamp: 0x634589ab 3d74.10f0: Machine: 0x8664 - amd64 3d74.10f0: Timestamp: 0x634589ab 3d74.10f0: Image Version: 10.0 3d74.10f0: SizeOfImage: 0x44000 (278528) 3d74.10f0: Resource Dir: 0x42000 LB 0x3a0 3d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d74.10f0: [Raw version resource data: 0x42060 LB 0x340, codepage 0x0 (reserved 0x0)] 3d74.10f0: ProductName: Avast Antivirus 3d74.10f0: ProductVersion: 22.10.441.0 3d74.10f0: FileVersion: 22.10.441.0 3d74.10f0: FileDescription: Avast File System Filter 3d74.10f0: \SystemRoot\System32\drivers\aswRdr2.sys: 3d74.10f0: CreationTime: 2022-03-14T16:18:13.891634800Z 3d74.10f0: LastWriteTime: 2022-11-01T13:01:12.546789900Z 3d74.10f0: ChangeTime: 2022-11-01T13:01:12.546789900Z 3d74.10f0: FileAttributes: 0x20 3d74.10f0: Size: 0x1bf20 3d74.10f0: NT Headers: 0xe8 3d74.10f0: Timestamp: 0x634589bb 3d74.10f0: Machine: 0x8664 - amd64 3d74.10f0: Timestamp: 0x634589bb 3d74.10f0: Image Version: 10.0 3d74.10f0: SizeOfImage: 0x1b000 (110592) 3d74.10f0: Resource Dir: 0x19000 LB 0x388 3d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d74.10f0: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)] 3d74.10f0: ProductName: Avast Antivirus 3d74.10f0: ProductVersion: 22.10.441.0 3d74.10f0: FileVersion: 22.10.441.0 3d74.10f0: FileDescription: Avast Antivirus 3d74.10f0: \SystemRoot\System32\drivers\aswRvrt.sys: 3d74.10f0: CreationTime: 2022-03-14T16:18:13.894635600Z 3d74.10f0: LastWriteTime: 2022-11-01T13:01:12.564474100Z 3d74.10f0: ChangeTime: 2022-11-01T13:01:12.564474100Z 3d74.10f0: FileAttributes: 0x20 3d74.10f0: Size: 0x15f98 3d74.10f0: NT Headers: 0xf0 3d74.10f0: Timestamp: 0x634589ba 3d74.10f0: Machine: 0x8664 - amd64 3d74.10f0: Timestamp: 0x634589ba 3d74.10f0: Image Version: 10.0 3d74.10f0: SizeOfImage: 0x13000 (77824) 3d74.10f0: Resource Dir: 0x11000 LB 0x380 3d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d74.10f0: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)] 3d74.10f0: ProductName: Avast Antivirus 3d74.10f0: ProductVersion: 22.10.441.0 3d74.10f0: FileVersion: 22.10.441.0 3d74.10f0: FileDescription: Avast Revert 3d74.10f0: \SystemRoot\System32\drivers\aswSnx.sys: 3d74.10f0: CreationTime: 2022-03-14T16:18:13.887634000Z 3d74.10f0: LastWriteTime: 2022-11-01T13:01:10.962228800Z 3d74.10f0: ChangeTime: 2022-11-01T13:01:10.962228800Z 3d74.10f0: FileAttributes: 0x20 3d74.10f0: Size: 0xd2ad8 3d74.10f0: NT Headers: 0xf8 3d74.10f0: Timestamp: 0x634589ce 3d74.10f0: Machine: 0x8664 - amd64 3d74.10f0: Timestamp: 0x634589ce 3d74.10f0: Image Version: 10.0 3d74.10f0: SizeOfImage: 0xce000 (843776) 3d74.10f0: Resource Dir: 0xcb000 LB 0x388 3d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d74.10f0: [Raw version resource data: 0xcb060 LB 0x324, codepage 0x0 (reserved 0x0)] 3d74.10f0: ProductName: Avast Antivirus 3d74.10f0: ProductVersion: 22.10.441.0 3d74.10f0: FileVersion: 22.10.441.0 3d74.10f0: FileDescription: Avast Antivirus 3d74.10f0: \SystemRoot\System32\drivers\aswsp.sys: 3d74.10f0: CreationTime: 2022-03-14T16:18:13.895636200Z 3d74.10f0: LastWriteTime: 2022-11-01T13:01:12.572290600Z 3d74.10f0: ChangeTime: 2022-11-01T13:01:12.572290600Z 3d74.10f0: FileAttributes: 0x20 3d74.10f0: Size: 0xa4210 3d74.10f0: NT Headers: 0xf0 3d74.10f0: Timestamp: 0x634589c0 3d74.10f0: Machine: 0x8664 - amd64 3d74.10f0: Timestamp: 0x634589c0 3d74.10f0: Image Version: 10.0 3d74.10f0: SizeOfImage: 0xa3000 (667648) 3d74.10f0: Resource Dir: 0xa1000 LB 0x388 3d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d74.10f0: [Raw version resource data: 0xa1060 LB 0x328, codepage 0x0 (reserved 0x0)] 3d74.10f0: ProductName: Avast Antivirus 3d74.10f0: ProductVersion: 22.10.441.0 3d74.10f0: FileVersion: 22.10.441.0 3d74.10f0: FileDescription: Avast Self Protection 3d74.10f0: \SystemRoot\System32\drivers\aswStm.sys: 3d74.10f0: CreationTime: 2022-11-01T13:01:14.321288500Z 3d74.10f0: LastWriteTime: 2022-11-01T13:01:12.717884700Z 3d74.10f0: ChangeTime: 2022-11-01T14:55:16.468424700Z 3d74.10f0: FileAttributes: 0x20 3d74.10f0: Size: 0x362f8 3d74.10f0: NT Headers: 0xf0 3d74.10f0: Timestamp: 0x634589cc 3d74.10f0: Machine: 0x8664 - amd64 3d74.10f0: Timestamp: 0x634589cc 3d74.10f0: Image Version: 10.0 3d74.10f0: SizeOfImage: 0x34000 (212992) 3d74.10f0: Resource Dir: 0x32000 LB 0x390 3d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d74.10f0: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)] 3d74.10f0: ProductName: Avast Antivirus 3d74.10f0: ProductVersion: 22.10.441.0 3d74.10f0: FileVersion: 22.10.441.0 3d74.10f0: FileDescription: Avast Stream Filter 3d74.10f0: \SystemRoot\System32\drivers\aswVmm.sys: 3d74.10f0: CreationTime: 2022-03-14T16:18:13.899636700Z 3d74.10f0: LastWriteTime: 2022-11-01T13:01:12.958512000Z 3d74.10f0: ChangeTime: 2022-11-01T13:01:12.958512000Z 3d74.10f0: FileAttributes: 0x20 3d74.10f0: Size: 0x500d8 3d74.10f0: NT Headers: 0xf8 3d74.10f0: Timestamp: 0x634589c5 3d74.10f0: Machine: 0x8664 - amd64 3d74.10f0: Timestamp: 0x634589c5 3d74.10f0: Image Version: 10.0 3d74.10f0: SizeOfImage: 0x4c000 (311296) 3d74.10f0: Resource Dir: 0x4a000 LB 0x388 3d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d74.10f0: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)] 3d74.10f0: ProductName: Avast Antivirus 3d74.10f0: ProductVersion: 22.10.441.0 3d74.10f0: FileVersion: 22.10.441.0 3d74.10f0: FileDescription: Avast VM Monitor 3d74.10f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox' 3d74.10f0: Calling main() 3d74.10f0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 3d74.10f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox' 3d74.10f0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 3d74.10f0: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 3d74.10f0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 3d74.10f0: SUPR3HardenedMain: Respawn #2 3d74.10f0: supR3HardNtEnableThreadCreationEx: 3d74.10f0: supR3HardenedDllNotificationCallback: load 00007ffdd5020000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0] 3d74.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\sechost.dll) 3d74.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\sechost.dll 3d74.10f0: '\Device\HarddiskVolume8\Windows\System32\ntdll.dll' has no imports 3d74.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ntdll.dll) 3d74.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3d74.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6f40000 'C:\Windows\System32\ntdll.dll' 3d74.10f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\KernelBase.dll [lacks WinVerifyTrust] 3d74.10f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KernelBase.dll (Input=KernelBase, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3d74.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'C:\Windows\System32\KernelBase.dll' 3d74.10f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd6fbac10 pvNtTerminateThread=00007ffdd6fe45d0 3d74.10f0: supR3HardenedWinDoReSpawn(2): New child 56f0.5ef4 [kernel32]. 3d74.10f0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 3d74.10f0: supR3HardNtChildGatherData: PebBaseAddress=0000003e2919f000 cbPeb=0x388 3d74.10f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffdd6f40000 uNtDllChildAddr=00007ffdd6f40000 3d74.10f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffdd6fbac10 3d74.10f0: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff60167b7a0 rdx=0000003e2919f000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffdd6f44830 rsp=0000003e28f4fcd8 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 3d74.10f0: kernel32.dll: timestamp 0x9416e42c (rc=VINF_SUCCESS) 3d74.10f0: supR3HardenedWinSetupChildInit: Start child. 3d74.10f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 3d74.10f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 33 sleeps 3d74.10f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 3d74.10f0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000 3d74.10f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 3d74.10f0: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000 3d74.10f0: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000 3d74.10f0: 000000007ffe8000-0000003e28e4ffff 0x0001/0x0000 0x0000000 3d74.10f0: *0000003e28e50000-0000003e28f4afff 0x0000/0x0004 0x0020000 3d74.10f0: 0000003e28f4b000-0000003e28f4dfff 0x0104/0x0004 0x0020000 3d74.10f0: 0000003e28f4e000-0000003e28f4ffff 0x0004/0x0004 0x0020000 3d74.10f0: 0000003e28f50000-0000003e28ffffff 0x0001/0x0000 0x0000000 3d74.10f0: *0000003e29000000-0000003e2919efff 0x0000/0x0004 0x0020000 3d74.10f0: 0000003e2919f000-0000003e291a1fff 0x0004/0x0004 0x0020000 3d74.10f0: 0000003e291a2000-0000003e291fffff 0x0000/0x0004 0x0020000 3d74.10f0: 0000003e29200000-000001845113ffff 0x0001/0x0000 0x0000000 3d74.10f0: *0000018451140000-000001845115ffff 0x0004/0x0004 0x0020000 3d74.10f0: *0000018451160000-000001845117efff 0x0002/0x0002 0x0040000 3d74.10f0: 000001845117f000-000001845117ffff 0x0001/0x0000 0x0000000 3d74.10f0: *0000018451180000-0000018451180fff 0x0020/0x0020 0x0040000 !! 3d74.10f0: supHardNtVpScanVirtualMemory: Unmapping exec mem at 0000018451180000 (0000018451180000/0000018451180000 LB 0x1000) 3d74.10f0: 0000018451181000-000001845118ffff 0x0001/0x0000 0x0000000 3d74.10f0: *0000018451190000-0000018451193fff 0x0002/0x0002 0x0040000 3d74.10f0: 0000018451194000-000001845119ffff 0x0001/0x0000 0x0000000 3d74.10f0: *00000184511a0000-00000184511a0fff 0x0002/0x0002 0x0040000 3d74.10f0: 00000184511a1000-00000184511affff 0x0001/0x0000 0x0000000 3d74.10f0: *00000184511b0000-00000184511b1fff 0x0004/0x0004 0x0020000 3d74.10f0: 00000184511b2000-00007df5a5d6ffff 0x0001/0x0000 0x0000000 3d74.10f0: *00007df5a5d70000-00007df5a5d70fff 0x0002/0x0002 0x0040000 3d74.10f0: 00007df5a5d71000-00007df5a5d7ffff 0x0001/0x0000 0x0000000 3d74.10f0: *00007df5a5d80000-00007df5a7b11fff 0x0000/0x0001 0x0040000 3d74.10f0: 00007df5a7b12000-00007df5a7b79fff 0x0001/0x0001 0x0040000 3d74.10f0: 00007df5a7b7a000-00007dfbb71c5fff 0x0000/0x0001 0x0040000 3d74.10f0: 00007dfbb71c6000-00007dfbb71c6fff 0x0002/0x0001 0x0040000 3d74.10f0: 00007dfbb71c7000-00007ff57ddd8fff 0x0000/0x0001 0x0040000 3d74.10f0: 00007ff57ddd9000-00007ff57dddefff 0x0002/0x0001 0x0040000 3d74.10f0: 00007ff57dddf000-00007ff599559fff 0x0000/0x0001 0x0040000 3d74.10f0: 00007ff59955a000-00007ff59d33cfff 0x0001/0x0001 0x0040000 3d74.10f0: 00007ff59d33d000-00007ff59d345fff 0x0002/0x0001 0x0040000 3d74.10f0: 00007ff59d346000-00007ff5a5d7ffff 0x0000/0x0001 0x0040000 3d74.10f0: 00007ff5a5d80000-00007ff60166ffff 0x0001/0x0000 0x0000000 3d74.10f0: *00007ff601670000-00007ff601670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff601671000-00007ff6016dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff6016db000-00007ff6016dbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff6016dc000-00007ff60172efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff60172f000-00007ff60172ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff601730000-00007ff601730fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff601731000-00007ff601735fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff601736000-00007ff60173bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff60173c000-00007ff601783fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff601784000-00007ffdd6f3ffff 0x0001/0x0000 0x0000000 3d74.10f0: *00007ffdd6f40000-00007ffdd6f40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd6f41000-00007ffdd706bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd706c000-00007ffdd70b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd70b4000-00007ffdd70bffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd70c0000-00007ffdd70cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd70cf000-00007ffdd70cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd70d0000-00007ffdd70d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd70d3000-00007ffdd7148fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd7149000-00007ffffffeffff 0x0001/0x0000 0x0000000 3d74.10f0: VirtualBoxVM.exe: timestamp 0x6375031d (rc=VINF_SUCCESS) 3d74.10f0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 3d74.10f0: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 3d74.10f0: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory: 3d74.10f0: 00007ff6017825f4 / 0x01125f4: 00 != 50 3d74.10f0: 00007ff6017825f5 / 0x01125f5: 00 != 41 3d74.10f0: 00007ff6017825f6 / 0x01125f6: 00 != 44 3d74.10f0: 00007ff6017825f7 / 0x01125f7: 00 != 44 3d74.10f0: 00007ff6017825f8 / 0x01125f8: 00 != 49 3d74.10f0: 00007ff6017825f9 / 0x01125f9: 00 != 4e 3d74.10f0: 00007ff6017825fa / 0x01125fa: 00 != 47 3d74.10f0: 00007ff6017825fb / 0x01125fb: 00 != 58 3d74.10f0: 00007ff6017825fc / 0x01125fc: 00 != 58 3d74.10f0: 00007ff6017825fd / 0x01125fd: 00 != 50 3d74.10f0: 00007ff6017825fe / 0x01125fe: 00 != 41 3d74.10f0: 00007ff6017825ff / 0x01125ff: 00 != 44 3d74.10f0: Restored 0xa0c bytes of original file content at 00007ff6017825f4 3d74.10f0: '\Device\HarddiskVolume8\Windows\System32\ntdll.dll' has no imports 3d74.10f0: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x4 3d74.10f0: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 33 sleeps 3d74.10f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 3d74.10f0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000 3d74.10f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 3d74.10f0: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000 3d74.10f0: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000 3d74.10f0: 000000007ffe8000-0000003e28e4ffff 0x0001/0x0000 0x0000000 3d74.10f0: *0000003e28e50000-0000003e28f4afff 0x0000/0x0004 0x0020000 3d74.10f0: 0000003e28f4b000-0000003e28f4dfff 0x0104/0x0004 0x0020000 3d74.10f0: 0000003e28f4e000-0000003e28f4ffff 0x0004/0x0004 0x0020000 3d74.10f0: 0000003e28f50000-0000003e28ffffff 0x0001/0x0000 0x0000000 3d74.10f0: *0000003e29000000-0000003e2919efff 0x0000/0x0004 0x0020000 3d74.10f0: 0000003e2919f000-0000003e291a1fff 0x0004/0x0004 0x0020000 3d74.10f0: 0000003e291a2000-0000003e291fffff 0x0000/0x0004 0x0020000 3d74.10f0: 0000003e29200000-000001845113ffff 0x0001/0x0000 0x0000000 3d74.10f0: *0000018451140000-000001845115ffff 0x0004/0x0004 0x0020000 3d74.10f0: *0000018451160000-000001845117efff 0x0002/0x0002 0x0040000 3d74.10f0: 000001845117f000-000001845118ffff 0x0001/0x0000 0x0000000 3d74.10f0: *0000018451190000-0000018451193fff 0x0002/0x0002 0x0040000 3d74.10f0: 0000018451194000-000001845119ffff 0x0001/0x0000 0x0000000 3d74.10f0: *00000184511a0000-00000184511a0fff 0x0002/0x0002 0x0040000 3d74.10f0: 00000184511a1000-00000184511affff 0x0001/0x0000 0x0000000 3d74.10f0: *00000184511b0000-00000184511b1fff 0x0004/0x0004 0x0020000 3d74.10f0: 00000184511b2000-00007df5a5d6ffff 0x0001/0x0000 0x0000000 3d74.10f0: *00007df5a5d70000-00007df5a5d70fff 0x0002/0x0002 0x0040000 3d74.10f0: 00007df5a5d71000-00007df5a5d7ffff 0x0001/0x0000 0x0000000 3d74.10f0: *00007df5a5d80000-00007df5a7b11fff 0x0000/0x0001 0x0040000 3d74.10f0: 00007df5a7b12000-00007df5a7b79fff 0x0001/0x0001 0x0040000 3d74.10f0: 00007df5a7b7a000-00007dfbb71c5fff 0x0000/0x0001 0x0040000 3d74.10f0: 00007dfbb71c6000-00007dfbb71c6fff 0x0002/0x0001 0x0040000 3d74.10f0: 00007dfbb71c7000-00007ff57ddd8fff 0x0000/0x0001 0x0040000 3d74.10f0: 00007ff57ddd9000-00007ff57dddefff 0x0002/0x0001 0x0040000 3d74.10f0: 00007ff57dddf000-00007ff599559fff 0x0000/0x0001 0x0040000 3d74.10f0: 00007ff59955a000-00007ff59d33cfff 0x0001/0x0001 0x0040000 3d74.10f0: 00007ff59d33d000-00007ff59d345fff 0x0002/0x0001 0x0040000 3d74.10f0: 00007ff59d346000-00007ff5a5d7ffff 0x0000/0x0001 0x0040000 3d74.10f0: 00007ff5a5d80000-00007ff60166ffff 0x0001/0x0000 0x0000000 3d74.10f0: *00007ff601670000-00007ff601670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff601671000-00007ff6016dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff6016db000-00007ff6016dbfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff6016dc000-00007ff60172efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff60172f000-00007ff60173bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff60173c000-00007ff601783fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d74.10f0: 00007ff601784000-00007ffdd6f3ffff 0x0001/0x0000 0x0000000 3d74.10f0: *00007ffdd6f40000-00007ffdd6f40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd6f41000-00007ffdd706bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd706c000-00007ffdd70b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd70b4000-00007ffdd70b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd70b8000-00007ffdd70bffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd70c0000-00007ffdd70cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd70cf000-00007ffdd70cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd70d0000-00007ffdd70d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd70d3000-00007ffdd7148fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll 3d74.10f0: 00007ffdd7149000-00007ffffffeffff 0x0001/0x0000 0x0000000 3d74.10f0: supR3HardNtChildPurify: Done after 1052 ms and 2 fixes (loop #1). 56f0.5ef4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffdd6f40000 g_uNtVerCombined=0xa055f000 (stack ~0000003e28f4eaa0) 3d74.10f0: supR3HardenedEarlyCompact: Removed heap 1 (0x0001dc5d470000 LB 0x800000) 56f0.5ef4: ntdll.dll: timestamp 0x57b668f2 (rc=VINF_SUCCESS) 3d74.10f0: supR3HardNtEnableThreadCreationEx: 56f0.5ef4: New simple heap: #1 00000184512c0000 LB 0x800000 (for 2134016 allocation) 56f0.5ef4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox' 56f0.5ef4: System32: \Device\HarddiskVolume8\Windows\System32 56f0.5ef4: WinSxS: \Device\HarddiskVolume8\Windows\WinSxS 56f0.5ef4: KnownDllPath: C:\Windows\System32 56f0.5ef4: supR3HardenedVmProcessInit: Opening vboxsup... 56f0.5ef4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 56f0.5ef4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 56f0.5ef4: Registered Dll notification callback with NTDLL. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\kernel32.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\kernel32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 56f0.5ef4: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000018451180088 enmState=4 -> supR3HardenedWinDummyApcRoutine 56f0.5ef4: supR3HardenedWinDummyApcRoutine: pvArg1=0000018451180000 pvArg2=0000000000000000 pvArg3=0000000000000000 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4410000 LB 0x0037b000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\KernelBase.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\KernelBase.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5270000 LB 0x000be000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\KERNEL32.DLL' 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ff601670000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 56f0.5ef4: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 56f0.5ef4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd6fbac10 pvNtTerminateThread=00007ffdd6fe45d0 3d74.10f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 70 ms. 56f0.5ef4: \SystemRoot\System32\ntdll.dll: 56f0.5ef4: CreationTime: 2022-09-15T09:57:05.594340100Z 56f0.5ef4: LastWriteTime: 2022-09-15T09:57:05.628540200Z 56f0.5ef4: ChangeTime: 2022-11-09T23:47:10.845416100Z 56f0.5ef4: FileAttributes: 0x20 56f0.5ef4: Size: 0x207df8 56f0.5ef4: NT Headers: 0xe0 56f0.5ef4: Timestamp: 0x57b668f2 56f0.5ef4: Machine: 0x8664 - amd64 56f0.5ef4: Timestamp: 0x57b668f2 56f0.5ef4: Image Version: 10.0 56f0.5ef4: SizeOfImage: 0x209000 (2134016) 56f0.5ef4: Resource Dir: 0x194000 LB 0x73528 56f0.5ef4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 56f0.5ef4: [Raw version resource data: 0x1940f0 LB 0x380, codepage 0x0 (reserved 0x0)] 56f0.5ef4: ProductName: Microsoft® Windows® Operating System 56f0.5ef4: ProductVersion: 10.0.22000.918 56f0.5ef4: FileVersion: 10.0.22000.918 (WinBuild.160101.0800) 56f0.5ef4: FileDescription: NT Layer DLL 56f0.5ef4: \SystemRoot\System32\kernel32.dll: 56f0.5ef4: CreationTime: 2022-11-09T23:45:56.720455400Z 56f0.5ef4: LastWriteTime: 2022-11-09T23:45:56.734459100Z 56f0.5ef4: ChangeTime: 2022-11-10T13:40:54.323737900Z 56f0.5ef4: FileAttributes: 0x20 56f0.5ef4: Size: 0xc1060 56f0.5ef4: NT Headers: 0xe8 56f0.5ef4: Timestamp: 0x9416e42c 56f0.5ef4: Machine: 0x8664 - amd64 56f0.5ef4: Timestamp: 0x9416e42c 56f0.5ef4: Image Version: 10.0 56f0.5ef4: SizeOfImage: 0xbe000 (778240) 56f0.5ef4: Resource Dir: 0xbc000 LB 0x520 56f0.5ef4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 56f0.5ef4: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 56f0.5ef4: ProductName: Microsoft® Windows® Operating System 56f0.5ef4: ProductVersion: 10.0.22000.1219 56f0.5ef4: FileVersion: 10.0.22000.1219 (WinBuild.160101.0800) 56f0.5ef4: FileDescription: Windows NT BASE API Client DLL 56f0.5ef4: \SystemRoot\System32\KernelBase.dll: 56f0.5ef4: CreationTime: 2022-11-09T23:46:00.173868600Z 56f0.5ef4: LastWriteTime: 2022-11-09T23:46:00.263888800Z 56f0.5ef4: ChangeTime: 2022-11-10T13:40:54.354991400Z 56f0.5ef4: FileAttributes: 0x20 56f0.5ef4: Size: 0x3822b8 56f0.5ef4: NT Headers: 0xf8 56f0.5ef4: Timestamp: 0x2a439301 56f0.5ef4: Machine: 0x8664 - amd64 56f0.5ef4: Timestamp: 0x2a439301 56f0.5ef4: Image Version: 10.0 56f0.5ef4: SizeOfImage: 0x37b000 (3649536) 56f0.5ef4: Resource Dir: 0x34b000 LB 0x548 56f0.5ef4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 56f0.5ef4: [Raw version resource data: 0x34b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 56f0.5ef4: ProductName: Microsoft® Windows® Operating System 56f0.5ef4: ProductVersion: 10.0.22000.1165 56f0.5ef4: FileVersion: 10.0.22000.1165 (WinBuild.160101.0800) 56f0.5ef4: FileDescription: Windows NT BASE API Client DLL 56f0.5ef4: \SystemRoot\System32\apisetschema.dll: 56f0.5ef4: CreationTime: 2021-06-05T12:04:59.928787900Z 56f0.5ef4: LastWriteTime: 2021-06-05T12:04:59.928787900Z 56f0.5ef4: ChangeTime: 2022-11-09T23:47:09.633374300Z 56f0.5ef4: FileAttributes: 0x20 56f0.5ef4: Size: 0x24150 56f0.5ef4: NT Headers: 0xc8 56f0.5ef4: Timestamp: 0x68d1dbaf 56f0.5ef4: Machine: 0x8664 - amd64 56f0.5ef4: Timestamp: 0x68d1dbaf 56f0.5ef4: Image Version: 10.0 56f0.5ef4: SizeOfImage: 0x23000 (143360) 56f0.5ef4: Resource Dir: 0x22000 LB 0x408 56f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 56f0.5ef4: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 56f0.5ef4: ProductName: Microsoft® Windows® Operating System 56f0.5ef4: ProductVersion: 10.0.22000.1 56f0.5ef4: FileVersion: 10.0.22000.1 (WinBuild.160101.0800) 56f0.5ef4: FileDescription: ApiSet Schema DLL 56f0.5ef4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 56f0.5ef4: supR3HardenedWinFindAdversaries: 0x4 56f0.5ef4: \SystemRoot\System32\drivers\aswMonFlt.sys: 56f0.5ef4: CreationTime: 2022-03-14T16:18:13.893635300Z 56f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.555584300Z 56f0.5ef4: ChangeTime: 2022-11-01T13:01:12.555584300Z 56f0.5ef4: FileAttributes: 0x20 56f0.5ef4: Size: 0x43828 56f0.5ef4: NT Headers: 0xe0 56f0.5ef4: Timestamp: 0x634589ab 56f0.5ef4: Machine: 0x8664 - amd64 56f0.5ef4: Timestamp: 0x634589ab 56f0.5ef4: Image Version: 10.0 56f0.5ef4: SizeOfImage: 0x44000 (278528) 56f0.5ef4: Resource Dir: 0x42000 LB 0x3a0 56f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 56f0.5ef4: [Raw version resource data: 0x42060 LB 0x340, codepage 0x0 (reserved 0x0)] 56f0.5ef4: ProductName: Avast Antivirus 56f0.5ef4: ProductVersion: 22.10.441.0 56f0.5ef4: FileVersion: 22.10.441.0 56f0.5ef4: FileDescription: Avast File System Filter 56f0.5ef4: \SystemRoot\System32\drivers\aswRdr2.sys: 56f0.5ef4: CreationTime: 2022-03-14T16:18:13.891634800Z 56f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.546789900Z 56f0.5ef4: ChangeTime: 2022-11-01T13:01:12.546789900Z 56f0.5ef4: FileAttributes: 0x20 56f0.5ef4: Size: 0x1bf20 56f0.5ef4: NT Headers: 0xe8 56f0.5ef4: Timestamp: 0x634589bb 56f0.5ef4: Machine: 0x8664 - amd64 56f0.5ef4: Timestamp: 0x634589bb 56f0.5ef4: Image Version: 10.0 56f0.5ef4: SizeOfImage: 0x1b000 (110592) 56f0.5ef4: Resource Dir: 0x19000 LB 0x388 56f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 56f0.5ef4: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)] 56f0.5ef4: ProductName: Avast Antivirus 56f0.5ef4: ProductVersion: 22.10.441.0 56f0.5ef4: FileVersion: 22.10.441.0 56f0.5ef4: FileDescription: Avast Antivirus 56f0.5ef4: \SystemRoot\System32\drivers\aswRvrt.sys: 56f0.5ef4: CreationTime: 2022-03-14T16:18:13.894635600Z 56f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.564474100Z 56f0.5ef4: ChangeTime: 2022-11-01T13:01:12.564474100Z 56f0.5ef4: FileAttributes: 0x20 56f0.5ef4: Size: 0x15f98 56f0.5ef4: NT Headers: 0xf0 56f0.5ef4: Timestamp: 0x634589ba 56f0.5ef4: Machine: 0x8664 - amd64 56f0.5ef4: Timestamp: 0x634589ba 56f0.5ef4: Image Version: 10.0 56f0.5ef4: SizeOfImage: 0x13000 (77824) 56f0.5ef4: Resource Dir: 0x11000 LB 0x380 56f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 56f0.5ef4: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)] 56f0.5ef4: ProductName: Avast Antivirus 56f0.5ef4: ProductVersion: 22.10.441.0 56f0.5ef4: FileVersion: 22.10.441.0 56f0.5ef4: FileDescription: Avast Revert 56f0.5ef4: \SystemRoot\System32\drivers\aswSnx.sys: 56f0.5ef4: CreationTime: 2022-03-14T16:18:13.887634000Z 56f0.5ef4: LastWriteTime: 2022-11-01T13:01:10.962228800Z 56f0.5ef4: ChangeTime: 2022-11-01T13:01:10.962228800Z 56f0.5ef4: FileAttributes: 0x20 56f0.5ef4: Size: 0xd2ad8 56f0.5ef4: NT Headers: 0xf8 56f0.5ef4: Timestamp: 0x634589ce 56f0.5ef4: Machine: 0x8664 - amd64 56f0.5ef4: Timestamp: 0x634589ce 56f0.5ef4: Image Version: 10.0 56f0.5ef4: SizeOfImage: 0xce000 (843776) 56f0.5ef4: Resource Dir: 0xcb000 LB 0x388 56f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 56f0.5ef4: [Raw version resource data: 0xcb060 LB 0x324, codepage 0x0 (reserved 0x0)] 56f0.5ef4: ProductName: Avast Antivirus 56f0.5ef4: ProductVersion: 22.10.441.0 56f0.5ef4: FileVersion: 22.10.441.0 56f0.5ef4: FileDescription: Avast Antivirus 56f0.5ef4: \SystemRoot\System32\drivers\aswsp.sys: 56f0.5ef4: CreationTime: 2022-03-14T16:18:13.895636200Z 56f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.572290600Z 56f0.5ef4: ChangeTime: 2022-11-01T13:01:12.572290600Z 56f0.5ef4: FileAttributes: 0x20 56f0.5ef4: Size: 0xa4210 56f0.5ef4: NT Headers: 0xf0 56f0.5ef4: Timestamp: 0x634589c0 56f0.5ef4: Machine: 0x8664 - amd64 56f0.5ef4: Timestamp: 0x634589c0 56f0.5ef4: Image Version: 10.0 56f0.5ef4: SizeOfImage: 0xa3000 (667648) 56f0.5ef4: Resource Dir: 0xa1000 LB 0x388 56f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 56f0.5ef4: [Raw version resource data: 0xa1060 LB 0x328, codepage 0x0 (reserved 0x0)] 56f0.5ef4: ProductName: Avast Antivirus 56f0.5ef4: ProductVersion: 22.10.441.0 56f0.5ef4: FileVersion: 22.10.441.0 56f0.5ef4: FileDescription: Avast Self Protection 56f0.5ef4: \SystemRoot\System32\drivers\aswStm.sys: 56f0.5ef4: CreationTime: 2022-11-01T13:01:14.321288500Z 56f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.717884700Z 56f0.5ef4: ChangeTime: 2022-11-01T14:55:16.468424700Z 56f0.5ef4: FileAttributes: 0x20 56f0.5ef4: Size: 0x362f8 56f0.5ef4: NT Headers: 0xf0 56f0.5ef4: Timestamp: 0x634589cc 56f0.5ef4: Machine: 0x8664 - amd64 56f0.5ef4: Timestamp: 0x634589cc 56f0.5ef4: Image Version: 10.0 56f0.5ef4: SizeOfImage: 0x34000 (212992) 56f0.5ef4: Resource Dir: 0x32000 LB 0x390 56f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 56f0.5ef4: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)] 56f0.5ef4: ProductName: Avast Antivirus 56f0.5ef4: ProductVersion: 22.10.441.0 56f0.5ef4: FileVersion: 22.10.441.0 56f0.5ef4: FileDescription: Avast Stream Filter 56f0.5ef4: \SystemRoot\System32\drivers\aswVmm.sys: 56f0.5ef4: CreationTime: 2022-03-14T16:18:13.899636700Z 56f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.958512000Z 56f0.5ef4: ChangeTime: 2022-11-01T13:01:12.958512000Z 56f0.5ef4: FileAttributes: 0x20 56f0.5ef4: Size: 0x500d8 56f0.5ef4: NT Headers: 0xf8 56f0.5ef4: Timestamp: 0x634589c5 56f0.5ef4: Machine: 0x8664 - amd64 56f0.5ef4: Timestamp: 0x634589c5 56f0.5ef4: Image Version: 10.0 56f0.5ef4: SizeOfImage: 0x4c000 (311296) 56f0.5ef4: Resource Dir: 0x4a000 LB 0x388 56f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 56f0.5ef4: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)] 56f0.5ef4: ProductName: Avast Antivirus 56f0.5ef4: ProductVersion: 22.10.441.0 56f0.5ef4: FileVersion: 22.10.441.0 56f0.5ef4: FileDescription: Avast VM Monitor 56f0.5ef4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox' 56f0.5ef4: Calling main() 56f0.5ef4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 56f0.5ef4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox' 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 56f0.5ef4: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 56f0.5ef4: SUPR3HardenedMain: Final process, opening VBoxDrv... 56f0.5ef4: supR3HardenedEarlyCompact: Removed heap 1 (0x000184512c0000 LB 0x800000) 56f0.5ef4: supR3HardNtEnableThreadCreationEx: 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd0930000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd0930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd0930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd0930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wintrust.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wintrust.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msvcrt.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msvcrt.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4dd0000 LB 0x000a3000 C:\Windows\System32\msvcrt.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd57d0000 LB 0x00120000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4790000 LB 0x00068000 C:\Windows\System32\Wintrust.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd49d0000 LB 0x00111000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0] 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ucrtbase.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ucrtbase.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4af0000 LB 0x00162000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0] 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\crypt32.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\crypt32.dll 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0' 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msasn1.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msasn1.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3cc0000 LB 0x00012000 C:\Windows\SYSTEM32\MSASN1.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4790000 'C:\Windows\system32\Wintrust.dll' 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\bcrypt.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\bcrypt.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3df0000 LB 0x00027000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3df0000 'C:\Windows\system32\bcrypt.dll' 56f0.5ef4: bcrypt.dll loaded at 00007ffdd3df0000, BCryptOpenAlgorithmProvider at 00007ffdd3df5a30, preloading providers: 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4950000 LB 0x0007f000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4950000 'C:\Windows\system32\bcryptprimitives.dll' 56f0.5ef4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000018451c70d40) 56f0.5ef4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000018451c738e0) 56f0.5ef4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000018451c73c30) 56f0.5ef4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000018451c73f80) 56f0.5ef4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000018451c742d0) 56f0.5ef4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000018451c74620) 56f0.5ef4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000018451c74970) 56f0.5ef4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000018451c74cc0) 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\cryptsp.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\cryptsp.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3c60000 LB 0x00018000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\rsaenh.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\rsaenh.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd34e0000 LB 0x00035000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\cryptbase.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\cryptbase.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3c80000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\kernel32.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4790000 'C:\Windows\System32\WINTRUST.DLL' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\CRYPT32.dll' 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5430000 LB 0x0001f000 C:\Windows\System32\imagehlp.dll [fFlags=0x0] 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\imagehlp.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\imagehlp.dll 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5020000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0] 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\sechost.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\sechost.dll 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\gpapi.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\gpapi.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3ab0000 LB 0x00024000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\profapi.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\profapi.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4340000 LB 0x00021000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\profapi.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\cryptnet.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\cryptnet.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume8\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcc180000 LB 0x00031000 C:\Windows\System32\cryptnet.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4e80000 LB 0x000ae000 C:\Windows\System32\advapi32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\advapi32.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\advapi32.dll 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume8\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\sechost.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA3EE57CCA65BA0083DDAF4B9E4A6F94689A5B2F 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd57d0000 'C:\Windows\System32\rpcrt4.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\SystemRoot\System32\ntdll.dll' 56f0.5ef4: g_pfnWinVerifyTrust=00007ffdd47a04d0 56f0.5ef4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\wintrust.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\profapi.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\gpapi.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\sechost.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\imagehlp.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\cryptbase.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\rsaenh.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\cryptsp.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\bcrypt.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\msasn1.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\ucrtbase.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\KernelBase.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\kernel32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\system32\crypt32.dll' 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x519cd9e7ee94e200 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x5d583f333e42c000 CN=Harveys_PC 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d993fde1950a700 C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x7b3081c535b843ae C=US, O=Google Trust Services LLC, CN=GTS Root R4 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 56f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 56f0.5ef4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=54 56f0.5ef4: SUPR3HardenedMain: Load Runtime... 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ws2_32.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ws2_32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msvcp140.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msvcp140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll [redoing WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdb28b0000 LB 0x0001b000 C:\Windows\SYSTEM32\VCRUNTIME140.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdb28a0000 LB 0x0000c000 C:\Windows\SYSTEM32\VCRUNTIME140_1.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdb28d0000 LB 0x0008e000 C:\Windows\SYSTEM32\MSVCP140.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd58f0000 LB 0x0006f000 C:\Windows\System32\WS2_32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ws2_32.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffcf4db0000 LB 0x006c6000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\kernel32.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-string-l1-1-0' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-localization-l1-2-1' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-datetime-l1-1-1' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-localization-obsolete-l1-2-0' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4790000 'C:\Windows\system32\Wintrust.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\system32\crypt32.dll' 56f0.5ef4: SUPR3HardenedMain: Load TrustedMain... 56f0.648: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-2) -> 0x0, fPresent=1 56f0.648: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-2 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.648: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcrt.dll'. 56f0.648: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\kernel.appcore.dll) 56f0.648: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\kernel.appcore.dll 56f0.648: supR3HardenedDllNotificationCallback: load 00007ffdd3580000 LB 0x00018000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0] 56f0.648: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust] 56f0.648: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3580000 'api-ms-win-appmodel-runtime-l1-1-2' 56f0.648: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.648: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.648: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll 56f0.648: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.648: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.648: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\kernel.appcore.dll' 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'uicommon.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ole32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume8\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\winmm.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\winmm.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\oleaut32.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\oleaut32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\combase.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\combase.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\combase.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ole32.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ole32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\user32.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\user32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\gdi32.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\gdi32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\win32u.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\win32u.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\user32.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5guivbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5corevbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'uxtheme.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dwmapi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcp140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'vcruntime140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'vcruntime140_1.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\shell32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #71 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'gdi32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\shell32.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\shell32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\dwmapi.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\dwmapi.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'user32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\uxtheme.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\uxtheme.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202 56f0.5ef4: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'mpr.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'userenv.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'version.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'netapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcp140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202 56f0.5ef4: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume8\Windows\System32\opengl32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\opengl32.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\opengl32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dxgi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\dxgi.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\dxgi.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\d3d11.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\d3d11.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\d3d11.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume8\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winmm.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ws2_32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\netapi32.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\netapi32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume8\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\version.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\version.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\version.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume8\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\userenv.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\userenv.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\userenv.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume8\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\mpr.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\mpr.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\mpr.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dxgi.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume8\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume8\Windows\System32\glu32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\glu32.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\glu32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dxgi.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\d3d11.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5guivbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5widgetsvbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5helpvbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'advapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ole32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'oleaut32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\UICommon.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [redoing WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\user32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5helpvbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5helpvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5helpvbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll: Signature #1/2: info status: 24202 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5sqlvbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vcruntime140.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5sqlvbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5sqlvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5sqlvbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll: Signature #1/2: info status: 24202 56f0.5ef4: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5corevbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\UICommon.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winmm.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\userenv.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\version.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\netapi32.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\d3d11.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dxgi.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\opengl32.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\netutils.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\netutils.dll 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\DXCore.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\DXCore.dll 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\srvcli.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\srvcli.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc2dd0000 LB 0x0001d000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3b10000 LB 0x00029000 C:\Windows\SYSTEM32\USERENV.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\userenv.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcc980000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\version.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdb8b50000 LB 0x00019000 C:\Windows\SYSTEM32\NETAPI32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\netapi32.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4d20000 LB 0x0009d000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4920000 LB 0x00026000 C:\Windows\System32\win32u.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5620000 LB 0x001ad000 C:\Windows\System32\USER32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4800000 LB 0x00118000 C:\Windows\System32\gdi32full.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'win32u.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\gdi32full.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\gdi32full.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd6e70000 LB 0x00029000 C:\Windows\System32\GDI32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5c20000 LB 0x00378000 C:\Windows\System32\combase.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd6be0000 LB 0x0019a000 C:\Windows\System32\ole32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd6420000 LB 0x007b8000 C:\Windows\System32\SHELL32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc77b0000 LB 0x00033000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winmm.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffd5d410000 LB 0x00009000 C:\Windows\SYSTEM32\MSVCP140_1.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd31c0000 LB 0x0000c000 C:\Windows\SYSTEM32\NETUTILS.DLL [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\netutils.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdce990000 LB 0x00028000 C:\Windows\SYSTEM32\SRVCLI.DLL [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\srvcli.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffcf4160000 LB 0x005c6000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd1720000 LB 0x000f3000 C:\Windows\SYSTEM32\dxgi.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dxgi.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcd760000 LB 0x00280000 C:\Windows\SYSTEM32\d3d11.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\d3d11.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd1860000 LB 0x00038000 C:\Windows\SYSTEM32\dxcore.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DXCore.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc1260000 LB 0x0002d000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdbea10000 LB 0x00101000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\opengl32.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffcf4730000 LB 0x0067c000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd15f0000 LB 0x000ac000 C:\Windows\SYSTEM32\UxTheme.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd18e0000 LB 0x0002f000 C:\Windows\SYSTEM32\dwmapi.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffcf1790000 LB 0x00541000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdaf670000 LB 0x00036000 C:\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc11f0000 LB 0x0006a000 C:\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5540000 LB 0x000d6000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffcf1ce0000 LB 0x01bd6000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\UICommon.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffd92c20000 LB 0x00146000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\imm32.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\imm32.dll 56f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000050c (hFile=0000000000000534) with 0xc0000022 -> STATUS_TRUST_FAILURE 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\imm32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\imm32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\srvcli.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\srvcli.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\DXCore.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\DXCore.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netutils.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netutils.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\glu32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\glu32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\mpr.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\mpr.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\userenv.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\userenv.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\version.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\version.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netapi32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\d3d11.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dxgi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\opengl32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\shell32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\combase.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rescheduled] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\imm32.dll [redoing WinVerifyTrust] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\imm32.dll'. 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\imm32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [redoing WinVerifyTrust] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'. 56f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\win32u.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [redoing WinVerifyTrust] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'. 56f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\win32u.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'. 56f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\gdi32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'. 56f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [redoing WinVerifyTrust] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'. 56f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\win32u.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'. 56f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd53f0000 LB 0x00032000 C:\Windows\System32\IMM32.DLL [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\imm32.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd53f0000 'C:\Windows\system32\IMM32.DLL' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\imm32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\imm32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\srvcli.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\srvcli.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\DXCore.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\DXCore.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netutils.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netutils.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\glu32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\glu32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\mpr.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\mpr.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\userenv.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\userenv.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\version.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\version.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netapi32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\d3d11.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dxgi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\opengl32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\shell32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\combase.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\imm32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\imm32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\srvcli.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\srvcli.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\DXCore.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\DXCore.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netutils.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netutils.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\glu32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\glu32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\mpr.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\mpr.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\userenv.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\userenv.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\version.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\version.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netapi32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\d3d11.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dxgi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\opengl32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\shell32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\combase.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rescheduled] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'. 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\gdi32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6e70000 'C:\Windows\System32\gdi32.dll' 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\imm32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\imm32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\srvcli.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\srvcli.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\DXCore.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\DXCore.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netutils.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netutils.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\glu32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\glu32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\mpr.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\mpr.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\userenv.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\userenv.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\version.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\version.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netapi32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\d3d11.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dxgi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\opengl32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\shell32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rescheduled] 56f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\combase.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rescheduled] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd92c20000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\imm32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\srvcli.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\DXCore.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\netutils.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume8\Windows\System32\glu32.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=35CCC7F41EDAC7A4EA200430FA0A6A9ED3C49FF0 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OpenGL-Package~31bf3856ad364e35~amd64~~10.0.22000.1042.cat'; file='\Device\HarddiskVolume8\Windows\System32\glu32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\glu32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\mpr.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\userenv.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\version.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\netapi32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c8 pwszName=\Device\HarddiskVolume8\Windows\System32\opengl32.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92B86B56C90F901769146039B93EE834B7D43EE0 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OpenGL-Package~31bf3856ad364e35~amd64~~10.0.22000.1042.cat'; file='\Device\HarddiskVolume8\Windows\System32\opengl32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume8\Windows\System32\uxtheme.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0956825C524685A46260DF18D53678E8A3E6BF3 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\shell32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\win32u.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\combase.dll' 56f0.5ef4: SUPR3HardenedMain: Calling TrustedMain (00007ffd92c21c90)... 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'dwmapi.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wtsapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5guivbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5corevbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume8\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winmm.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wtsapi32.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wtsapi32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume8\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\imm32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dwmapi.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wtsapi32.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcef90000 LB 0x00014000 C:\Windows\SYSTEM32\WTSAPI32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wtsapi32.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffda5c60000 LB 0x00161000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda5c60000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'bcryptprimitives.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\rpcss.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\rpcss.dll 56f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000680 (hFile=0000000000000660) with 0xc0000022 -> STATUS_TRUST_FAILURE 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000688 pwszName=\Device\HarddiskVolume8\Windows\System32\rpcss.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=350C1E935AC1646AF9FF53AA05008D148C2318BB 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.22000.1219.cat'; file='\Device\HarddiskVolume8\Windows\System32\rpcss.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\rpcss.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\uxtheme.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd15f0000 'C:\Windows\system32\uxtheme.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5620000 'C:\Windows\system32\user32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\SHCore.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\SHCore.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5450000 LB 0x000ea000 C:\Windows\System32\SHCore.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\SHCore.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5450000 'C:\Windows\system32\SHCore.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6420000 'C:\Windows\system32\shell32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\windows.storage.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\windows.storage.dll 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\WinTypes.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\WinTypes.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd23a0000 LB 0x00166000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd2510000 LB 0x00865000 C:\Windows\SYSTEM32\windows.storage.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5330000 LB 0x0005d000 C:\Windows\System32\shlwapi.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\shlwapi.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\shlwapi.dll 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\powrprof.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\powrprof.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd2d90000 LB 0x0004d000 C:\Windows\SYSTEM32\powrprof.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\powrprof.dll [avoiding WinVerifyTrust] 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\umpdc.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\umpdc.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd2e80000 LB 0x00013000 C:\Windows\SYSTEM32\UMPDC.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\umpdc.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\umpdc.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\powrprof.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\shlwapi.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\WinTypes.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\windows.storage.dll' 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll: Signature #1/2: info status: 24202 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'uxtheme.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'vcruntime140.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'vcruntime140_1.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\uxtheme.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdbdfa0000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdbdfa0000 'C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'user32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc1990000 LB 0x002a5000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1990000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1990000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll' 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\WindowsCodecs.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\WindowsCodecs.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcca90000 LB 0x001ae000 C:\Windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5b30000 LB 0x000b5000 C:\Windows\System32\clbcatq.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\clbcatq.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\clbcatq.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\clbcatq.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\WindowsCodecs.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\thumbcache.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\thumbcache.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\thumbcache.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffd9a830000 LB 0x00066000 C:\Windows\System32\thumbcache.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\thumbcache.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9a830000 'C:\Windows\System32\thumbcache.dll' 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcss.dll 56f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000007f8 (hFile=00000000000007fc) with 0xc0000022 -> STATUS_TRUST_FAILURE 56f0.5844: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202 56f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'advapi32.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'. 56f0.5844: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 56f0.5844: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 56f0.5844: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll 56f0.5844: supR3HardenedDllNotificationCallback: load 00007ffcf3d80000 LB 0x003d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 56f0.5844: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll 56f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3d80000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 56f0.5844: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202 56f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 56f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 56f0.5844: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust 56f0.5844: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shlwapi.dll 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5844: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 56f0.5844: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 56f0.5844: supR3HardenedDllNotificationCallback: load 00007ffdaf590000 LB 0x000db000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0] 56f0.5844: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 56f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdaf590000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll' 56f0.5844: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll 56f0.5844: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 56f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5540000 'C:\Windows\system32\oleaut32.dll' 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.bc0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 56f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'. 56f0.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust 56f0.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll 56f0.bc0: supR3HardenedDllNotificationCallback: load 00007ffdcca70000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0] 56f0.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcca70000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL' 56f0.bc0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 56f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 56f0.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust 56f0.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxVMM.dll 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxVMM.dll 56f0.bc0: supR3HardenedDllNotificationCallback: load 00007ffce37b0000 LB 0x004d1000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] 56f0.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxVMM.dll 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce37b0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' 56f0.5ef4: '\Device\HarddiskVolume8\Windows\System32\tzres.dll' has no imports 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\tzres.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\tzres.dll 56f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000cc0 (hFile=0000000000000c88) with 0xc0000022 -> STATUS_TRUST_FAILURE 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\tzres.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000c88 (hFile=0000000000000cc0) with 0xc0000022 -> STATUS_TRUST_FAILURE 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bdc pwszName=\Device\HarddiskVolume8\Windows\System32\tzres.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A6D22862B025BB118DBBCFB82E5931E1B3439650 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.22000.1219.cat'; file='\Device\HarddiskVolume8\Windows\System32\tzres.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\tzres.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5540000 'C:\Windows\System32\oleaut32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb4 pwszName=\Device\HarddiskVolume8\Windows\System32\DWrite.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AE5D5BE47C4C094784D740DD813A46A9A210B4C 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.22000.1165.cat'; file='\Device\HarddiskVolume8\Windows\System32\DWrite.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\DWrite.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\DWrite.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwrite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DWrite.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdb68d0000 LB 0x0025f000 C:\Windows\system32\dwrite.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DWrite.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdb68d0000 'C:\Windows\system32\dwrite.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6e70000 'C:\Windows\system32\gdi32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'dwmapi.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\d3d9.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\d3d9.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dwmapi.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\d3d9.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc59d0000 LB 0x001a6000 C:\Windows\system32\d3d9.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\d3d9.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc59d0000 'C:\Windows\system32\d3d9.dll' 56f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll: Owner is administrators group. 56f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x632b4213; retrying against current time: 0x638808ff. 56f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME (-23033) w/ timestamp=0x638808ff/now. 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'version.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume8\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\version.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcbb00000 LB 0x00117000 C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\kernel32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbb00000 'C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msasn1.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msasn1.dll (Input=msasn1.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3cc0000 'C:\Windows\System32\msasn1.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\drvstore.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\drvstore.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\drvstore.dll (Input=drvstore.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\drvstore.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcbfc0000 LB 0x00149000 C:\Windows\System32\drvstore.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\drvstore.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbfc0000 'C:\Windows\System32\drvstore.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'cfgmgr32.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\devobj.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\devobj.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\devobj.dll (Input=devobj.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\devobj.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4110000 LB 0x0004c000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd40e0000 LB 0x0002c000 C:\Windows\System32\devobj.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\devobj.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd40e0000 'C:\Windows\System32\devobj.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wldp.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wldp.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wldp.dll (Input=wldp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wldp.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3d30000 LB 0x00041000 C:\Windows\System32\wldp.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wldp.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3d30000 'C:\Windows\System32\wldp.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptbase.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3c80000 'C:\Windows\System32\cryptbase.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wintrust.dll (Input=wintrust.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4790000 'C:\Windows\System32\wintrust.dll' 56f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll: Owner is administrators group. 56f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x632b40f0; retrying against current time: 0x63880900. 56f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME (-23033) w/ timestamp=0x63880900/now. 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume8\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winmm.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume8\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\version.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffd03c00000 LB 0x01843000 C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\kernel32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd03c00000 'C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\D3D12.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\D3D12.dll 56f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000c98 (hFile=0000000000000d70) with 0xc0000022 -> STATUS_TRUST_FAILURE 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\D3D12.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000d70 (hFile=0000000000000c98) with 0xc0000022 -> STATUS_TRUST_FAILURE 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcp_win.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\directxdatabasehelper.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\directxdatabasehelper.dll 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ntmarta.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ntmarta.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd35a0000 LB 0x00034000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdced10000 LB 0x00044000 C:\Windows\SYSTEM32\directxdatabasehelper.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\directxdatabasehelper.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\ntmarta.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\directxdatabasehelper.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\D3D12.dll' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-core-resourcepolicy-l1-1-0.dll) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-core-resourcepolicy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ResourcePolicyClient.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ResourcePolicyClient.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd1910000 LB 0x00015000 C:\Windows\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd1910000 'ext-ms-win-core-resourcepolicy-l1-1-0.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\ResourcePolicyClient.dll' 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdd1910000 LB 0x00015000 C:\Windows\SYSTEM32\resourcepolicyclient.dll [flags=0x0] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6e70000 'C:\Windows\System32\gdi32.dll' 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffd03c00000 LB 0x01843000 C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdcbfc0000 LB 0x00149000 C:\Windows\System32\drvstore.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdd40e0000 LB 0x0002c000 C:\Windows\System32\devobj.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdd4110000 LB 0x0004c000 C:\Windows\SYSTEM32\cfgmgr32.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdd3d30000 LB 0x00041000 C:\Windows\System32\wldp.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdcbb00000 LB 0x00117000 C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5150000 LB 0x0011d000 C:\Windows\System32\MSCTF.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msctf.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msctf.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\msctf.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d60 pwszName=\Device\HarddiskVolume8\Windows\System32\DataExchange.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=101A03863CE4DE896B456ABD0FCE21AF048BCA12 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-merged-Package~31bf3856ad364e35~amd64~~10.0.22000.1219.cat'; file='\Device\HarddiskVolume8\Windows\System32\DataExchange.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msvcp_win.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\DataExchange.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\DataExchange.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DataExchange.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffd9b2e0000 LB 0x0005d000 C:\Windows\system32\dataexchange.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DataExchange.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9b2e0000 'C:\Windows\system32\dataexchange.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'msvcp_win.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\twinapi.appcore.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\twinapi.appcore.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcbc20000 LB 0x00266000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\twinapi.appcore.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\SHCore.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5450000 'C:\Windows\system32\Shcore.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\TextInputFramework.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\TextInputFramework.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc1440000 LB 0x0012d000 C:\Windows\SYSTEM32\textinputframework.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'msvcp_win.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\CoreMessaging.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\CoreMessaging.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd11c0000 LB 0x00131000 C:\Windows\SYSTEM32\CoreMessaging.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\CoreMessaging.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\TextInputFramework.dll' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-sddl-l1-1-0.dll) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-sddl-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5020000 'api-ms-win-security-sddl-l1-1-0.dll' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5620000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5620000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'coremessaging.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\CoreUIComponents.dll) 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\CoreUIComponents.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcded0000 LB 0x0036d000 C:\Windows\SYSTEM32\CoreUIComponents.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume8\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\CoreMessaging.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\CoreUIComponents.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd57d0000 'C:\Windows\System32\RPCRT4.dll' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-systemfunctions-l1-1-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-systemfunctions-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4e80000 'api-ms-win-security-systemfunctions-l1-1-0' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msctf.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5150000 'C:\Windows\System32\MSCTF.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6be0000 'C:\Windows\System32\ole32.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5540000 'C:\Windows\System32\OLEAUT32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e64 pwszName=\Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=72A7777E2E42F8ED9F54E831EF23DA9E1E18ED1C 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'wbemcomn.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume8\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e68 pwszName=\Device\HarddiskVolume8\Windows\System32\wbemcomn.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45A464176830F0AA8063DB542765DA4B4DCE6F9E 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\wbemcomn.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wbemcomn.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wbemcomn.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbemcomn.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc73d0000 LB 0x00082000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbemcomn.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdca8d0000 LB 0x00010000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdca8d0000 'C:\Windows\system32\wbem\wbemprox.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ca8 pwszName=\Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B9E6574CB33BE95DDDFC06987443AD17F741154 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc5ce0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc5ce0000 'C:\Windows\system32\wbem\wbemsvc.dll' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-localization-l1-2-0.dll' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e6c pwszName=\Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C006C9BBF3712859F7F5F20A758C570A45C51802 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume8\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbemcomn.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc5d00000 LB 0x000fa000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc5d00000 'C:\Windows\system32\wbem\fastprox.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ea0 pwszName=\Device\HarddiskVolume8\Windows\System32\amsi.dll 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F9B29D2C3CA3C23581BE3FA30ADAFAE25F38574 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\amsi.dll' 56f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\amsi.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\amsi.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\amsi.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc56e0000 LB 0x00023000 C:\Windows\System32\amsi.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\amsi.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc56e0000 'C:\Windows\System32\amsi.dll' 56f0.5ef4: \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswAMSI.dll: Owner is administrators group. 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 56f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'powrprof.dll'. 56f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswAMSI.dll) WinVerifyTrust 56f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswAMSI.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume8\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\powrprof.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Avast Software\Avast\aswAMSI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswAMSI.dll 56f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc5480000 LB 0x0025c000 C:\Program Files\Avast Software\Avast\aswAMSI.dll [fFlags=0x0] 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswAMSI.dll 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\kernel32.dll' 56f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-systemfunctions-l1-1-0) -> 0x0, fPresent=1 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-systemfunctions-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4e80000 'api-ms-win-security-systemfunctions-l1-1-0' 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc5480000 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4e80000 'C:\Windows\System32\ADVAPI32.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6be0000 'C:\Windows\system32\ole32.dll' 56f0.3328: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6be0000 'C:\Windows\system32\ole32.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5d60: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202 56f0.5d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.5d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 56f0.5d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 56f0.5d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 56f0.5d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 56f0.5d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust 56f0.5d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 56f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 56f0.5d60: supR3HardenedDllNotificationCallback: load 00007ffdc2530000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] 56f0.5d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 56f0.5d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc2530000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' 56f0.5b80: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202 56f0.5b80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5b80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5b80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.5b80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 56f0.5b80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 56f0.5b80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 56f0.5b80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust 56f0.5b80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 56f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5b80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5b80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 56f0.5b80: supR3HardenedDllNotificationCallback: load 00007ffdc1fc0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] 56f0.5b80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 56f0.5b80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1fc0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6420000 'C:\Windows\system32\Shell32.dll' 56f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffda5e00000 LB 0x00081000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda5e00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL' 56f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffda5e00000 LB 0x00081000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\IPHLPAPI.DLL 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ws2_32.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\setupapi.dll) WinVerifyTrust 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\setupapi.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] 56f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] 56f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDDU.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\setupapi.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD.dll 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDDU.dll 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\IPHLPAPI.DLL 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd5fa0000 LB 0x0046c000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\setupapi.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdaa8a0000 LB 0x00070000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDDU.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffce1090000 LB 0x0085d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd3030000 LB 0x0002d000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\IPHLPAPI.DLL 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd4110000 LB 0x0004c000 C:\Windows\SYSTEM32\cfgmgr32.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffce2c10000 LB 0x00b97000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce2c10000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffda5e00000 LB 0x00081000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda5e00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3d80000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce1090000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL' 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdc1780000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1780000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdc1300000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1300000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdbe9f0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdbe9f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.708: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202 56f0.708: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.708: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.708: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.708: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 56f0.708: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust 56f0.708: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 56f0.708: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.708: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.708: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.708: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.708: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.708: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 56f0.708: supR3HardenedDllNotificationCallback: load 00007ffdbe940000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] 56f0.708: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 56f0.708: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdbe940000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' 56f0.5d38: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202 56f0.5d38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5d38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5d38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.5d38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 56f0.5d38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 56f0.5d38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 56f0.5d38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust 56f0.5d38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 56f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.5d38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll 56f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.5d38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5d38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 56f0.5d38: supR3HardenedDllNotificationCallback: load 00007ffdc1fb0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] 56f0.5d38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 56f0.5d38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' 56f0.1f98: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202 56f0.1f98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.1f98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.1f98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.1f98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 56f0.1f98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 56f0.1f98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 56f0.1f98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust 56f0.1f98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 56f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 56f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 56f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 56f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 56f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.1f98: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll 56f0.1f98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.1f98: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 56f0.1f98: supR3HardenedDllNotificationCallback: load 00007ffdc1290000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] 56f0.1f98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 56f0.1f98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1290000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd0800000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd0800000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL' 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\IPHLPAPI.DLL 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3030000 'C:\Windows\system32\Iphlpapi.dll' 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\winnsi.dll) 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\winnsi.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdccc40000 LB 0x0000c000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winnsi.dll [avoiding WinVerifyTrust] 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd5b20000 LB 0x00009000 C:\Windows\System32\NSI.dll [fFlags=0x0] 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\nsi.dll) 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\nsi.dll 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\dhcpcsvc6.dll) 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\dhcpcsvc6.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdcccf0000 LB 0x00019000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust] 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\dhcpcsvc.dll) 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\dhcpcsvc.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdcdc80000 LB 0x0001e000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust] 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\dnsapi.dll) 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\dnsapi.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd3060000 LB 0x000e8000 C:\Windows\SYSTEM32\DNSAPI.dll [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\dnsapi.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\dhcpcsvc.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\dhcpcsvc6.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\nsi.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\winnsi.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 56f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\MMDevAPI.dll) WinVerifyTrust 56f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\MMDevAPI.dll 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 56f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\MMDevAPI.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdc6240000 LB 0x0009b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\MMDevAPI.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc6240000 'C:\Windows\System32\MMDevApi.dll' 56f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\devobj.dll 56f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd40e0000 LB 0x0002c000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0] 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\devobj.dll 56f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\MMDevAPI.dll 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc6240000 'C:\Windows\System32\MMDEVAPI.DLL' 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4790000 'C:\Windows\System32\WINTRUST.DLL' 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\CRYPT32.dll' 56f0.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll' 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.bc0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll: Signature #1/2: info status: 24202 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 56f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 56f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 56f0.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll) WinVerifyTrust 56f0.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 56f0.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ws2_32.dll 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 56f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll 56f0.bc0: supR3HardenedDllNotificationCallback: load 00007ffda52a0000 LB 0x000c3000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL [fFlags=0x0] 56f0.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll 56f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda52a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL' 56f0.5250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll' 56f0.5250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll' 56f0.5250: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ws2_32.dll'. 56f0.5250: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 56f0.5250: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\mswsock.dll) WinVerifyTrust 56f0.5250: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\mswsock.dll 56f0.5250: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 56f0.5250: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 56f0.5250: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 56f0.5250: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 56f0.5250: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ws2_32.dll 56f0.5250: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5250: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\mswsock.dll 56f0.5250: supR3HardenedDllNotificationCallback: load 00007ffdd3a20000 LB 0x00067000 C:\Windows\system32\mswsock.dll [fFlags=0x0] 56f0.5250: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\mswsock.dll 56f0.5250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3a20000 'C:\Windows\system32\mswsock.dll' 56f0.5250: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\mswsock.dll 56f0.5250: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 56f0.5250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3a20000 'C:\Windows\system32\mswsock.dll' 56f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 56f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6be0000 'C:\Windows\system32\ole32.dll' 56f0.468c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-sysinfo-l1-2-1) -> 0x0, fPresent=1 56f0.468c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-sysinfo-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 56f0.468c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-sysinfo-l1-2-1' 56f0.1f98: supR3HardenedDllNotificationCallback: Unload 00007ffdc1290000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0] 56f0.5d38: supR3HardenedDllNotificationCallback: Unload 00007ffdc1fb0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0] 56f0.708: supR3HardenedDllNotificationCallback: Unload 00007ffdbe940000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0] 56f0.5b80: supR3HardenedDllNotificationCallback: Unload 00007ffdc1fc0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0] 56f0.5d60: supR3HardenedDllNotificationCallback: Unload 00007ffdc2530000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0] 56f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffdbe9f0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0] 56f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffdc1300000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0] 56f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffdc1780000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0] 56f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffda5e00000 LB 0x00081000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0] 56f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffce2c10000 LB 0x00b97000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0] 56f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffdaa8a0000 LB 0x00070000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0] 56f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffce1090000 LB 0x0085d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0] 56f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffdd5fa0000 LB 0x0046c000 C:\Windows\System32\SETUPAPI.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdcca70000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffce37b0000 LB 0x004d1000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffd9a830000 LB 0x00066000 C:\Windows\System32\thumbcache.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdaf590000 LB 0x000db000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdc5ce0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdca8d0000 LB 0x00010000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffd9b2e0000 LB 0x0005d000 C:\Windows\system32\dataexchange.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdcbc20000 LB 0x00266000 C:\Windows\system32\twinapi.appcore.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffcf3d80000 LB 0x003d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdc5d00000 LB 0x000fa000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0] 56f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdc73d0000 LB 0x00082000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0] 56f0.5ef4: Terminating the normal way: rcExit=0 3d74.10f0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 334692 ms, the end); b88.3fc8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 335850 ms, the end);