3570.62f0: \SystemRoot\System32\ntdll.dll: 3570.62f0: CreationTime: 2022-11-30T10:47:54.611997200Z 3570.62f0: LastWriteTime: 2022-11-30T10:47:54.653518800Z 3570.62f0: ChangeTime: 2023-01-23T07:55:09.766507900Z 3570.62f0: FileAttributes: 0x20 3570.62f0: Size: 0x212f88 3570.62f0: NT Headers: 0xe0 3570.62f0: Timestamp: 0xa97a9ed6 3570.62f0: Machine: 0x8664 - amd64 3570.62f0: Timestamp: 0xa97a9ed6 3570.62f0: Image Version: 10.0 3570.62f0: SizeOfImage: 0x214000 (2179072) 3570.62f0: Resource Dir: 0x19e000 LB 0x747c8 3570.62f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 3570.62f0: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 3570.62f0: ProductName: Microsoft® Windows® Operating System 3570.62f0: ProductVersion: 10.0.22621.900 3570.62f0: FileVersion: 10.0.22621.900 (WinBuild.160101.0800) 3570.62f0: FileDescription: NT Layer DLL 3570.62f0: \SystemRoot\System32\kernel32.dll: 3570.62f0: CreationTime: 2023-01-23T07:54:28.266970200Z 3570.62f0: LastWriteTime: 2023-01-23T07:54:28.287808400Z 3570.62f0: ChangeTime: 2023-01-23T08:05:41.567673000Z 3570.62f0: FileAttributes: 0x20 3570.62f0: Size: 0xc6118 3570.62f0: NT Headers: 0xe8 3570.62f0: Timestamp: 0xc8f98068 3570.62f0: Machine: 0x8664 - amd64 3570.62f0: Timestamp: 0xc8f98068 3570.62f0: Image Version: 10.0 3570.62f0: SizeOfImage: 0xc3000 (798720) 3570.62f0: Resource Dir: 0xc1000 LB 0x520 3570.62f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3570.62f0: [Raw version resource data: 0xc10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 3570.62f0: ProductName: Microsoft® Windows® Operating System 3570.62f0: ProductVersion: 10.0.22621.1192 3570.62f0: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800) 3570.62f0: FileDescription: Windows NT BASE API Client DLL 3570.62f0: \SystemRoot\System32\KernelBase.dll: 3570.62f0: CreationTime: 2023-01-23T07:54:30.948765300Z 3570.62f0: LastWriteTime: 2023-01-23T07:54:31.075418500Z 3570.62f0: ChangeTime: 2023-01-23T08:05:41.614555000Z 3570.62f0: FileAttributes: 0x20 3570.62f0: Size: 0x3a3780 3570.62f0: NT Headers: 0x100 3570.62f0: Timestamp: 0xfaa44dd0 3570.62f0: Machine: 0x8664 - amd64 3570.62f0: Timestamp: 0xfaa44dd0 3570.62f0: Image Version: 10.0 3570.62f0: SizeOfImage: 0x39c000 (3784704) 3570.62f0: Resource Dir: 0x36b000 LB 0x548 3570.62f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3570.62f0: [Raw version resource data: 0x36b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 3570.62f0: ProductName: Microsoft® Windows® Operating System 3570.62f0: ProductVersion: 10.0.22621.1192 3570.62f0: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800) 3570.62f0: FileDescription: Windows NT BASE API Client DLL 3570.62f0: \SystemRoot\System32\apisetschema.dll: 3570.62f0: CreationTime: 2023-01-23T07:54:18.790267200Z 3570.62f0: LastWriteTime: 2023-01-23T07:54:18.794216300Z 3570.62f0: ChangeTime: 2023-01-23T08:04:45.040904700Z 3570.62f0: FileAttributes: 0x20 3570.62f0: Size: 0x24560 3570.62f0: NT Headers: 0xc8 3570.62f0: Timestamp: 0x845ac5a8 3570.62f0: Machine: 0x8664 - amd64 3570.62f0: Timestamp: 0x845ac5a8 3570.62f0: Image Version: 10.0 3570.62f0: SizeOfImage: 0x23000 (143360) 3570.62f0: Resource Dir: 0x22000 LB 0x408 3570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3570.62f0: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 3570.62f0: ProductName: Microsoft® Windows® Operating System 3570.62f0: ProductVersion: 10.0.22621.1192 3570.62f0: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800) 3570.62f0: FileDescription: ApiSet Schema DLL 3570.62f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022 3570.62f0: supR3HardenedWinFindAdversaries: 0x4 3570.62f0: \SystemRoot\System32\drivers\aswMonFlt.sys: 3570.62f0: CreationTime: 2023-01-09T06:26:20.946486700Z 3570.62f0: LastWriteTime: 2023-01-09T06:26:17.918675600Z 3570.62f0: ChangeTime: 2023-01-09T06:26:17.918675600Z 3570.62f0: FileAttributes: 0x20 3570.62f0: Size: 0x41670 3570.62f0: NT Headers: 0xe8 3570.62f0: Timestamp: 0x6385db89 3570.62f0: Machine: 0x8664 - amd64 3570.62f0: Timestamp: 0x6385db89 3570.62f0: Image Version: 10.0 3570.62f0: SizeOfImage: 0x45000 (282624) 3570.62f0: Resource Dir: 0x43000 LB 0x3a0 3570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3570.62f0: [Raw version resource data: 0x43060 LB 0x340, codepage 0x0 (reserved 0x0)] 3570.62f0: ProductName: Avast Antivirus 3570.62f0: ProductVersion: 22.12.474.0 3570.62f0: FileVersion: 22.12.474.0 3570.62f0: FileDescription: Avast File System Filter 3570.62f0: \SystemRoot\System32\drivers\aswRdr2.sys: 3570.62f0: CreationTime: 2023-01-09T06:26:20.944534900Z 3570.62f0: LastWriteTime: 2023-01-09T06:26:17.879419200Z 3570.62f0: ChangeTime: 2023-01-09T06:26:17.879419200Z 3570.62f0: FileAttributes: 0x20 3570.62f0: Size: 0x19b20 3570.62f0: NT Headers: 0xe8 3570.62f0: Timestamp: 0x6385db8a 3570.62f0: Machine: 0x8664 - amd64 3570.62f0: Timestamp: 0x6385db8a 3570.62f0: Image Version: 10.0 3570.62f0: SizeOfImage: 0x1b000 (110592) 3570.62f0: Resource Dir: 0x19000 LB 0x388 3570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3570.62f0: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)] 3570.62f0: ProductName: Avast Antivirus 3570.62f0: ProductVersion: 22.12.474.0 3570.62f0: FileVersion: 22.12.474.0 3570.62f0: FileDescription: Avast Antivirus 3570.62f0: \SystemRoot\System32\drivers\aswRvrt.sys: 3570.62f0: CreationTime: 2023-01-09T06:26:20.947463700Z 3570.62f0: LastWriteTime: 2023-01-09T06:26:17.940251300Z 3570.62f0: ChangeTime: 2023-01-09T06:26:17.940251300Z 3570.62f0: FileAttributes: 0x20 3570.62f0: Size: 0x139f8 3570.62f0: NT Headers: 0xe8 3570.62f0: Timestamp: 0x6385db88 3570.62f0: Machine: 0x8664 - amd64 3570.62f0: Timestamp: 0x6385db88 3570.62f0: Image Version: 10.0 3570.62f0: SizeOfImage: 0x13000 (77824) 3570.62f0: Resource Dir: 0x11000 LB 0x380 3570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3570.62f0: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)] 3570.62f0: ProductName: Avast Antivirus 3570.62f0: ProductVersion: 22.12.474.0 3570.62f0: FileVersion: 22.12.474.0 3570.62f0: FileDescription: Avast Revert 3570.62f0: \SystemRoot\System32\drivers\aswSnx.sys: 3570.62f0: CreationTime: 2023-01-09T06:26:20.939101300Z 3570.62f0: LastWriteTime: 2023-01-09T06:26:12.663482100Z 3570.62f0: ChangeTime: 2023-01-09T06:26:12.663482100Z 3570.62f0: FileAttributes: 0x20 3570.62f0: Size: 0xd0020 3570.62f0: NT Headers: 0xf0 3570.62f0: Timestamp: 0x6385dba5 3570.62f0: Machine: 0x8664 - amd64 3570.62f0: Timestamp: 0x6385dba5 3570.62f0: Image Version: 10.0 3570.62f0: SizeOfImage: 0xd0000 (851968) 3570.62f0: Resource Dir: 0xcd000 LB 0x388 3570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3570.62f0: [Raw version resource data: 0xcd060 LB 0x324, codepage 0x0 (reserved 0x0)] 3570.62f0: ProductName: Avast Antivirus 3570.62f0: ProductVersion: 22.12.474.0 3570.62f0: FileVersion: 22.12.474.0 3570.62f0: FileDescription: Avast Antivirus 3570.62f0: \SystemRoot\System32\drivers\aswsp.sys: 3570.62f0: CreationTime: 2023-01-09T06:26:20.947463700Z 3570.62f0: LastWriteTime: 2023-02-01T14:26:26.879778500Z 3570.62f0: ChangeTime: 2023-02-01T14:26:26.879778500Z 3570.62f0: FileAttributes: 0x20 3570.62f0: Size: 0xa9cd0 3570.62f0: NT Headers: 0xe8 3570.62f0: Timestamp: 0x63d9172a 3570.62f0: Machine: 0x8664 - amd64 3570.62f0: Timestamp: 0x63d9172a 3570.62f0: Image Version: 10.0 3570.62f0: SizeOfImage: 0xac000 (704512) 3570.62f0: Resource Dir: 0xa9000 LB 0x388 3570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3570.62f0: [Raw version resource data: 0xa9060 LB 0x328, codepage 0x0 (reserved 0x0)] 3570.62f0: ProductName: Avast Antivirus 3570.62f0: ProductVersion: 22.12.501.0 3570.62f0: FileVersion: 22.12.501.0 3570.62f0: FileDescription: Avast Self Protection 3570.62f0: \SystemRoot\System32\drivers\aswStm.sys: 3570.62f0: CreationTime: 2023-01-09T06:26:20.950392400Z 3570.62f0: LastWriteTime: 2023-01-09T06:26:18.270876600Z 3570.62f0: ChangeTime: 2023-01-09T06:26:18.270876600Z 3570.62f0: FileAttributes: 0x20 3570.62f0: Size: 0x33e98 3570.62f0: NT Headers: 0xf0 3570.62f0: Timestamp: 0x6385db9e 3570.62f0: Machine: 0x8664 - amd64 3570.62f0: Timestamp: 0x6385db9e 3570.62f0: Image Version: 10.0 3570.62f0: SizeOfImage: 0x35000 (217088) 3570.62f0: Resource Dir: 0x33000 LB 0x390 3570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3570.62f0: [Raw version resource data: 0x33060 LB 0x32c, codepage 0x0 (reserved 0x0)] 3570.62f0: ProductName: Avast Antivirus 3570.62f0: ProductVersion: 22.12.474.0 3570.62f0: FileVersion: 22.12.474.0 3570.62f0: FileDescription: Avast Stream Filter 3570.62f0: \SystemRoot\System32\drivers\aswVmm.sys: 3570.62f0: CreationTime: 2023-01-09T06:26:20.951949700Z 3570.62f0: LastWriteTime: 2023-01-09T06:26:19.193172200Z 3570.62f0: ChangeTime: 2023-01-09T06:26:19.193172200Z 3570.62f0: FileAttributes: 0x20 3570.62f0: Size: 0x4dbf8 3570.62f0: NT Headers: 0xf8 3570.62f0: Timestamp: 0x6385db98 3570.62f0: Machine: 0x8664 - amd64 3570.62f0: Timestamp: 0x6385db98 3570.62f0: Image Version: 10.0 3570.62f0: SizeOfImage: 0x4c000 (311296) 3570.62f0: Resource Dir: 0x4a000 LB 0x388 3570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3570.62f0: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)] 3570.62f0: ProductName: Avast Antivirus 3570.62f0: ProductVersion: 22.12.474.0 3570.62f0: FileVersion: 22.12.474.0 3570.62f0: FileDescription: Avast VM Monitor 3570.62f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 3570.62f0: Calling main() 3570.62f0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 3570.62f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 3570.62f0: SUPR3HardenedMain: Respawn #1 3570.62f0: System32: \Device\HarddiskVolume5\Windows\System32 3570.62f0: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 3570.62f0: KnownDllPath: C:\WINDOWS\System32 3570.62f0: supR3HardenedWinInit: Performing a limited self purification... 3570.62f0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 3570.62f0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000 3570.62f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 3570.62f0: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000 3570.62f0: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000 3570.62f0: 000000007ffed000-00000005d35fffff 0x0001/0x0000 0x0000000 3570.62f0: *00000005d3600000-00000005d3771fff 0x0000/0x0004 0x0020000 3570.62f0: 00000005d3772000-00000005d3774fff 0x0004/0x0004 0x0020000 3570.62f0: 00000005d3775000-00000005d37fffff 0x0000/0x0004 0x0020000 3570.62f0: *00000005d3800000-00000005d38b0fff 0x0000/0x0004 0x0020000 3570.62f0: 00000005d38b1000-00000005d38b3fff 0x0104/0x0004 0x0020000 3570.62f0: 00000005d38b4000-00000005d38fffff 0x0004/0x0004 0x0020000 3570.62f0: 00000005d3900000-00000138f8b3ffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8b40000-00000138f8b4ffff 0x0004/0x0004 0x0040000 3570.62f0: *00000138f8b50000-00000138f8b52fff 0x0002/0x0002 0x0040000 3570.62f0: 00000138f8b53000-00000138f8b5ffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8b60000-00000138f8b7efff 0x0002/0x0002 0x0040000 3570.62f0: 00000138f8b7f000-00000138f8b7ffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8b80000-00000138f8b80fff 0x0020/0x0020 0x0040000 !! 3570.62f0: 00000138f8b81000-00000138f8b8ffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8b90000-00000138f8b93fff 0x0002/0x0002 0x0040000 3570.62f0: 00000138f8b94000-00000138f8b9ffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8ba0000-00000138f8ba0fff 0x0002/0x0002 0x0040000 3570.62f0: 00000138f8ba1000-00000138f8baffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8bb0000-00000138f8bb1fff 0x0004/0x0004 0x0020000 3570.62f0: 00000138f8bb2000-00000138f8bbffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8bc0000-00000138f8bc2fff 0x0002/0x0002 0x0040000 3570.62f0: 00000138f8bc3000-00000138f8bcffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8bd0000-00000138f8bd1fff 0x0004/0x0004 0x0020000 3570.62f0: 00000138f8bd2000-00000138f8c31fff 0x0000/0x0004 0x0020000 3570.62f0: 00000138f8c32000-00000138f8c3ffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8c40000-00000138f8c40fff 0x0002/0x0002 0x0040000 3570.62f0: 00000138f8c41000-00000138f8c4ffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8c50000-00000138f8c50fff 0x0002/0x0002 0x0040000 3570.62f0: 00000138f8c51000-00000138f8c5ffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8c60000-00000138f8c60fff 0x0002/0x0002 0x0040000 3570.62f0: 00000138f8c61000-00000138f8c7ffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8c80000-00000138f8c8afff 0x0004/0x0004 0x0020000 3570.62f0: 00000138f8c8b000-00000138f8d7ffff 0x0000/0x0004 0x0020000 3570.62f0: *00000138f8d80000-00000138f8e4dfff 0x0002/0x0002 0x0040000 3570.62f0: 00000138f8e4e000-00000138f8e4ffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8e50000-00000138f8e51fff 0x0004/0x0004 0x0020000 3570.62f0: 00000138f8e52000-00000138f8eb1fff 0x0000/0x0004 0x0020000 3570.62f0: 00000138f8eb2000-00000138f8ebffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8ec0000-00000138f8eedfff 0x0004/0x0004 0x0020000 3570.62f0: 00000138f8eee000-00000138f8fbffff 0x0000/0x0004 0x0020000 3570.62f0: 00000138f8fc0000-00000138f8fdffff 0x0001/0x0000 0x0000000 3570.62f0: *00000138f8fe0000-00000138f8feefff 0x0004/0x0004 0x0020000 3570.62f0: 00000138f8fef000-00000138f8feffff 0x0000/0x0004 0x0020000 3570.62f0: *00000138f8ff0000-00000138f8ff8fff 0x0000/0x0004 0x0020000 3570.62f0: 00000138f8ff9000-00000138f920dfff 0x0004/0x0004 0x0020000 3570.62f0: 00000138f920e000-00000138f920efff 0x0000/0x0004 0x0020000 3570.62f0: 00000138f920f000-00007df44128ffff 0x0001/0x0000 0x0000000 3570.62f0: *00007df441290000-00007df441294fff 0x0002/0x0002 0x0040000 3570.62f0: 00007df441295000-00007df44138ffff 0x0000/0x0002 0x0040000 3570.62f0: *00007df441390000-00007df5413affff 0x0000/0x0004 0x0020000 3570.62f0: *00007df5413b0000-00007df5433affff 0x0000/0x0004 0x0020000 3570.62f0: 00007df5433b0000-00007df5433b0fff 0x0004/0x0004 0x0020000 3570.62f0: 00007df5433b1000-00007df5433bffff 0x0001/0x0000 0x0000000 3570.62f0: *00007df5433c0000-00007df5433c0fff 0x0002/0x0002 0x0040000 3570.62f0: 00007df5433c1000-00007df5433cffff 0x0001/0x0000 0x0000000 3570.62f0: *00007df5433d0000-00007df544d8afff 0x0000/0x0001 0x0040000 3570.62f0: 00007df544d8b000-00007df544e13fff 0x0001/0x0001 0x0040000 3570.62f0: 00007df544e14000-00007df5451c0fff 0x0000/0x0001 0x0040000 3570.62f0: 00007df5451c1000-00007df5451c1fff 0x0001/0x0001 0x0040000 3570.62f0: 00007df5451c2000-00007dfa271fdfff 0x0000/0x0001 0x0040000 3570.62f0: 00007dfa271fe000-00007dfa271fefff 0x0002/0x0001 0x0040000 3570.62f0: 00007dfa271ff000-00007ff523246fff 0x0000/0x0001 0x0040000 3570.62f0: 00007ff523247000-00007ff52324bfff 0x0002/0x0001 0x0040000 3570.62f0: 00007ff52324c000-00007ff53a0e3fff 0x0000/0x0001 0x0040000 3570.62f0: 00007ff53a0e4000-00007ff53e36bfff 0x0001/0x0001 0x0040000 3570.62f0: 00007ff53e36c000-00007ff53e36cfff 0x0002/0x0001 0x0040000 3570.62f0: 00007ff53e36d000-00007ff53e7acfff 0x0001/0x0001 0x0040000 3570.62f0: 00007ff53e7ad000-00007ff53e7adfff 0x0002/0x0001 0x0040000 3570.62f0: 00007ff53e7ae000-00007ff53f2cffff 0x0001/0x0001 0x0040000 3570.62f0: 00007ff53f2d0000-00007ff53f2defff 0x0002/0x0001 0x0040000 3570.62f0: 00007ff53f2df000-00007ff53f2e9fff 0x0001/0x0001 0x0040000 3570.62f0: 00007ff53f2ea000-00007ff53f2edfff 0x0002/0x0001 0x0040000 3570.62f0: 00007ff53f2ee000-00007ff53f367fff 0x0001/0x0001 0x0040000 3570.62f0: 00007ff53f368000-00007ff53f371fff 0x0002/0x0001 0x0040000 3570.62f0: 00007ff53f372000-00007ff5433cffff 0x0000/0x0001 0x0040000 3570.62f0: 00007ff5433d0000-00007ff7f9dbffff 0x0001/0x0000 0x0000000 3570.62f0: *00007ff7f9dc0000-00007ff7f9dc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9dc1000-00007ff7f9e2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e2b000-00007ff7f9e2bfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e2c000-00007ff7f9e7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e7f000-00007ff7f9e81fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e82000-00007ff7f9e84fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e85000-00007ff7f9e87fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e88000-00007ff7f9e88fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e89000-00007ff7f9e8afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e8b000-00007ff7f9e8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e8c000-00007ff7f9ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9ed4000-00007ffebe71ffff 0x0001/0x0000 0x0000000 3570.62f0: *00007ffebe720000-00007ffebe72ffff 0x0020/0x0040 0x0020000 !! 3570.62f0: 00007ffebe730000-00007ffecf75ffff 0x0001/0x0000 0x0000000 3570.62f0: *00007ffecf760000-00007ffecf760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll 3570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf760000 LB 0x1000 (base 00007ffecf760000) - 'aswhook.dll' 3570.62f0: 00007ffecf761000-00007ffecf76afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll 3570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf761000 LB 0xa000 (base 00007ffecf760000) - 'aswhook.dll' 3570.62f0: 00007ffecf76b000-00007ffecf76dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll 3570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf76b000 LB 0x3000 (base 00007ffecf760000) - 'aswhook.dll' 3570.62f0: 00007ffecf76e000-00007ffecf76ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll 3570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf76e000 LB 0x2000 (base 00007ffecf760000) - 'aswhook.dll' 3570.62f0: 00007ffecf770000-00007ffecf773fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll 3570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf770000 LB 0x4000 (base 00007ffecf760000) - 'aswhook.dll' 3570.62f0: 00007ffecf774000-00007ffecf774fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll 3570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf774000 LB 0x1000 (base 00007ffecf760000) - 'aswhook.dll' 3570.62f0: 00007ffecf775000-00007ffecf776fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll 3570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf775000 LB 0x2000 (base 00007ffecf760000) - 'aswhook.dll' 3570.62f0: 00007ffecf777000-00007ffefbffffff 0x0001/0x0000 0x0000000 3570.62f0: *00007ffefc000000-00007ffefc000fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 3570.62f0: 00007ffefc001000-00007ffefc189fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 3570.62f0: 00007ffefc18a000-00007ffefc34bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 3570.62f0: 00007ffefc34c000-00007ffefc350fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 3570.62f0: 00007ffefc351000-00007ffefc39bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 3570.62f0: 00007ffefc39c000-00007ffefc67ffff 0x0001/0x0000 0x0000000 3570.62f0: *00007ffefc680000-00007ffefc680fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll 3570.62f0: 00007ffefc681000-00007ffefc701fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll 3570.62f0: 00007ffefc702000-00007ffefc737fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll 3570.62f0: 00007ffefc738000-00007ffefc738fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll 3570.62f0: 00007ffefc739000-00007ffefc739fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll 3570.62f0: 00007ffefc73a000-00007ffefc742fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll 3570.62f0: 00007ffefc743000-00007ffefe62ffff 0x0001/0x0000 0x0000000 3570.62f0: *00007ffefe630000-00007ffefe630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe631000-00007ffefe760fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe761000-00007ffefe7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7ae000-00007ffefe7aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7af000-00007ffefe7b0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7b1000-00007ffefe7b9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7ba000-00007ffefe843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe844000-00007ffffffeffff 0x0001/0x0000 0x0000000 3570.62f0: kernel32.dll: timestamp 0xc8f98068 (rc=VINF_SUCCESS) 3570.62f0: kernelbase.dll: timestamp 0xfaa44dd0 (rc=VINF_SUCCESS) 3570.62f0: VirtualBoxVM.exe: timestamp 0x63bee674 (rc=VINF_SUCCESS) 3570.62f0: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 3570.62f0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 3570.62f0: VirtualBoxVM.exe: Differences in section #7 (.00cfg) between file and memory: 3570.62f0: 00007ff7f9e93000 / 0x00d3000: 00 != f0 3570.62f0: 00007ff7f9e93001 / 0x00d3001: 0d != ea 3570.62f0: 00007ff7f9e93002 / 0x00d3002: de != 6b 3570.62f0: 00007ff7f9e93003 / 0x00d3003: f9 != fe 3570.62f0: 00007ff7f9e93004 / 0x00d3004: f7 != fe 3570.62f0: 00007ff7f9e93008 / 0x00d3008: 00 != f0 3570.62f0: 00007ff7f9e93009 / 0x00d3009: 0d != ea 3570.62f0: 00007ff7f9e9300a / 0x00d300a: de != 6b 3570.62f0: 00007ff7f9e9300b / 0x00d300b: f9 != fe 3570.62f0: 00007ff7f9e9300c / 0x00d300c: f7 != fe 3570.62f0: 00007ff7f9e93010 / 0x00d3010: 40 != 30 3570.62f0: 00007ff7f9e93011 / 0x00d3011: ab != ec 3570.62f0: 00007ff7f9e93012 / 0x00d3012: e2 != 6b 3570.62f0: 00007ff7f9e93013 / 0x00d3013: f9 != fe 3570.62f0: 00007ff7f9e93014 / 0x00d3014: f7 != fe 3570.62f0: 00007ff7f9e93018 / 0x00d3018: 60 != 30 3570.62f0: 00007ff7f9e93019 / 0x00d3019: ab != ec 3570.62f0: 00007ff7f9e9301a / 0x00d301a: e2 != 6b 3570.62f0: 00007ff7f9e9301b / 0x00d301b: f9 != fe 3570.62f0: 00007ff7f9e9301c / 0x00d301c: f7 != fe 3570.62f0: 00007ff7f9e93020 / 0x00d3020: 60 != 30 3570.62f0: 00007ff7f9e93021 / 0x00d3021: ab != ec 3570.62f0: 00007ff7f9e93022 / 0x00d3022: e2 != 6b 3570.62f0: 00007ff7f9e93023 / 0x00d3023: f9 != fe 3570.62f0: 00007ff7f9e93024 / 0x00d3024: f7 != fe 3570.62f0: Restored 0x28 bytes of original file content at 00007ff7f9e93000 3570.62f0: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory: 3570.62f0: 00007ff7f9ed25f4 / 0x01125f4: 00 != 50 3570.62f0: 00007ff7f9ed25f5 / 0x01125f5: 00 != 41 3570.62f0: 00007ff7f9ed25f6 / 0x01125f6: 00 != 44 3570.62f0: 00007ff7f9ed25f7 / 0x01125f7: 00 != 44 3570.62f0: 00007ff7f9ed25f8 / 0x01125f8: 00 != 49 3570.62f0: 00007ff7f9ed25f9 / 0x01125f9: 00 != 4e 3570.62f0: 00007ff7f9ed25fa / 0x01125fa: 00 != 47 3570.62f0: 00007ff7f9ed25fb / 0x01125fb: 00 != 58 3570.62f0: 00007ff7f9ed25fc / 0x01125fc: 00 != 58 3570.62f0: 00007ff7f9ed25fd / 0x01125fd: 00 != 50 3570.62f0: 00007ff7f9ed25fe / 0x01125fe: 00 != 41 3570.62f0: 00007ff7f9ed25ff / 0x01125ff: 00 != 44 3570.62f0: Restored 0xa0c bytes of original file content at 00007ff7f9ed25f4 3570.62f0: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 3570.62f0: ntdll.dll: Differences in section #1 (.text) between file and memory: 3570.62f0: 00007ffefe64ed70 / 0x001ed70: 48 != e9 3570.62f0: 00007ffefe64ed71 / 0x001ed71: 89 != 63 3570.62f0: 00007ffefe64ed72 / 0x001ed72: 5c != 14 3570.62f0: 00007ffefe64ed73 / 0x001ed73: 24 != 0d 3570.62f0: 00007ffefe64ed74 / 0x001ed74: 08 != c0 3570.62f0: 00007ffefe64ed75 / 0x001ed75: 48 != cc 3570.62f0: 00007ffefe64ed76 / 0x001ed76: 89 != cc 3570.62f0: 00007ffefe64ed77 / 0x001ed77: 74 != cc 3570.62f0: 00007ffefe64ed78 / 0x001ed78: 24 != cc 3570.62f0: 00007ffefe64ed79 / 0x001ed79: 20 != cc 3570.62f0: Restored 0x2000 bytes of original file content at 00007ffefe64d000 3570.62f0: ntdll.dll: Differences in section #1 (.text) between file and memory: 3570.62f0: 00007ffefe65a8a0 / 0x002a8a0: 48 != e9 3570.62f0: 00007ffefe65a8a1 / 0x002a8a1: 89 != 93 3570.62f0: 00007ffefe65a8a2 / 0x002a8a2: 5c != 59 3570.62f0: 00007ffefe65a8a3 / 0x002a8a3: 24 != 0c 3570.62f0: 00007ffefe65a8a4 / 0x002a8a4: 10 != c0 3570.62f0: 00007ffefe65a8a5 / 0x002a8a5: 56 != cc 3570.62f0: Restored 0x2000 bytes of original file content at 00007ffefe659000 3570.62f0: ntdll.dll: Differences in section #1 (.text) between file and memory: 3570.62f0: 00007ffefe731370 / 0x0101370: 48 != e9 3570.62f0: 00007ffefe731371 / 0x0101371: 89 != 03 3570.62f0: 00007ffefe731372 / 0x0101372: 5c != ee 3570.62f0: 00007ffefe731373 / 0x0101373: 24 != fe 3570.62f0: 00007ffefe731374 / 0x0101374: 08 != bf 3570.62f0: 00007ffefe731375 / 0x0101375: 48 != cc 3570.62f0: 00007ffefe731376 / 0x0101376: 89 != cc 3570.62f0: 00007ffefe731377 / 0x0101377: 74 != cc 3570.62f0: 00007ffefe731378 / 0x0101378: 24 != cc 3570.62f0: 00007ffefe731379 / 0x0101379: 10 != cc 3570.62f0: Restored 0x2000 bytes of original file content at 00007ffefe730e7e 3570.62f0: ntdll.dll: Differences in section #9 (.00cfg) between file and memory: 3570.62f0: 00007ffefe7cd000 / 0x019d000: b0 != 30 3570.62f0: 00007ffefe7cd001 / 0x019d001: 2a != ec 3570.62f0: 00007ffefe7cd002 / 0x019d002: 6d != 6b 3570.62f0: 00007ffefe7cd008 / 0x019d008: e0 != f0 3570.62f0: 00007ffefe7cd009 / 0x019d009: e9 != ea 3570.62f0: 00007ffefe7cd010 / 0x019d010: d0 != 30 3570.62f0: 00007ffefe7cd011 / 0x019d011: 2a != ec 3570.62f0: 00007ffefe7cd012 / 0x019d012: 6d != 6b 3570.62f0: 00007ffefe7cd018 / 0x019d018: d0 != 30 3570.62f0: 00007ffefe7cd019 / 0x019d019: 2a != ec 3570.62f0: 00007ffefe7cd01a / 0x019d01a: 6d != 6b 3570.62f0: Restored 0x28 bytes of original file content at 00007ffefe7cd000 3570.62f0: kernel32.dll: Differences in section #2 (.rdata) between file and memory: 3570.62f0: 00007ffefc706568 / 0x0086568: 80 != f0 3570.62f0: 00007ffefc706569 / 0x0086569: 02 != ea 3570.62f0: 00007ffefc70656a / 0x008656a: 6a != 6b 3570.62f0: 00007ffefc70656b / 0x008656b: fc != fe 3570.62f0: 00007ffefc706570 / 0x0086570: 90 != 30 3570.62f0: 00007ffefc706571 / 0x0086571: 3f != ec 3570.62f0: 00007ffefc706572 / 0x0086572: 6a != 6b 3570.62f0: 00007ffefc706573 / 0x0086573: fc != fe 3570.62f0: 00007ffefc706578 / 0x0086578: 80 != f0 3570.62f0: 00007ffefc706579 / 0x0086579: 02 != ea 3570.62f0: 00007ffefc70657a / 0x008657a: 6a != 6b 3570.62f0: 00007ffefc70657b / 0x008657b: fc != fe 3570.62f0: 00007ffefc706580 / 0x0086580: b0 != 30 3570.62f0: 00007ffefc706581 / 0x0086581: 3f != ec 3570.62f0: 00007ffefc706582 / 0x0086582: 6a != 6b 3570.62f0: 00007ffefc706583 / 0x0086583: fc != fe 3570.62f0: 00007ffefc706588 / 0x0086588: b0 != 30 3570.62f0: 00007ffefc706589 / 0x0086589: 3f != ec 3570.62f0: 00007ffefc70658a / 0x008658a: 6a != 6b 3570.62f0: 00007ffefc70658b / 0x008658b: fc != fe 3570.62f0: Restored 0x2000 bytes of original file content at 00007ffefc706000 3570.62f0: kernelbase.dll: Differences in section #2 (.rdata) between file and memory: 3570.62f0: 00007ffefc259820 / 0x0259820: e0 != f0 3570.62f0: 00007ffefc259821 / 0x0259821: e6 != ea 3570.62f0: 00007ffefc259822 / 0x0259822: 0b != 6b 3570.62f0: 00007ffefc259823 / 0x0259823: fc != fe 3570.62f0: 00007ffefc259828 / 0x0259828: 90 != 30 3570.62f0: 00007ffefc259829 / 0x0259829: ea != ec 3570.62f0: 00007ffefc25982a / 0x025982a: 0b != 6b 3570.62f0: 00007ffefc25982b / 0x025982b: fc != fe 3570.62f0: 00007ffefc259830 / 0x0259830: e0 != f0 3570.62f0: 00007ffefc259831 / 0x0259831: e6 != ea 3570.62f0: 00007ffefc259832 / 0x0259832: 0b != 6b 3570.62f0: 00007ffefc259833 / 0x0259833: fc != fe 3570.62f0: 00007ffefc259838 / 0x0259838: b0 != 30 3570.62f0: 00007ffefc259839 / 0x0259839: ea != ec 3570.62f0: 00007ffefc25983a / 0x025983a: 0b != 6b 3570.62f0: 00007ffefc25983b / 0x025983b: fc != fe 3570.62f0: 00007ffefc259840 / 0x0259840: b0 != 30 3570.62f0: 00007ffefc259841 / 0x0259841: ea != ec 3570.62f0: 00007ffefc259842 / 0x0259842: 0b != 6b 3570.62f0: 00007ffefc259843 / 0x0259843: fc != fe 3570.62f0: Restored 0x2000 bytes of original file content at 00007ffefc258000 3570.62f0: supHardNtVpCheckHandles: 3570.62f0: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=8 3570.62f0: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 3570.62f0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 3570.62f0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 3570.62f0: supR3HardNtEnableThreadCreationEx: 3570.62f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffefe6a3e50 pvNtTerminateThread=00007ffefe6cf850 3570.62f0: supR3HardenedWinDoReSpawn(1): New child 3d18.6634 [kernel32]. 3570.62f0: supR3HardNtChildGatherData: PebBaseAddress=000000bd4cbd3000 cbPeb=0x388 3570.62f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffefe630000 uNtDllChildAddr=00007ffefe630000 3570.62f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffefe6a3e50 3570.62f0: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7f9dcb7a0 rdx=000000bd4cbd3000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffefe68df90 rsp=000000bd4ccffa48 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 3570.62f0: supR3HardenedWinSetupChildInit: Start child. 3570.62f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 3570.62f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 60 sleeps 3570.62f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 3570.62f0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000 3570.62f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 3570.62f0: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000 3570.62f0: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000 3570.62f0: 000000007ffed000-000000bd4c9fffff 0x0001/0x0000 0x0000000 3570.62f0: *000000bd4ca00000-000000bd4cbd2fff 0x0000/0x0004 0x0020000 3570.62f0: 000000bd4cbd3000-000000bd4cbd5fff 0x0004/0x0004 0x0020000 3570.62f0: 000000bd4cbd6000-000000bd4cbfffff 0x0000/0x0004 0x0020000 3570.62f0: *000000bd4cc00000-000000bd4ccfafff 0x0000/0x0004 0x0020000 3570.62f0: 000000bd4ccfb000-000000bd4ccfdfff 0x0104/0x0004 0x0020000 3570.62f0: 000000bd4ccfe000-000000bd4ccfffff 0x0004/0x0004 0x0020000 3570.62f0: 000000bd4cd00000-0000028f3cd1ffff 0x0001/0x0000 0x0000000 3570.62f0: *0000028f3cd20000-0000028f3cd3ffff 0x0004/0x0004 0x0020000 3570.62f0: *0000028f3cd40000-0000028f3cd5efff 0x0002/0x0002 0x0040000 3570.62f0: 0000028f3cd5f000-0000028f3cd5ffff 0x0001/0x0000 0x0000000 3570.62f0: *0000028f3cd60000-0000028f3cd60fff 0x0020/0x0020 0x0040000 !! 3570.62f0: supHardNtVpScanVirtualMemory: Unmapping exec mem at 0000028f3cd60000 (0000028f3cd60000/0000028f3cd60000 LB 0x1000) 3570.62f0: 0000028f3cd61000-0000028f3cd6ffff 0x0001/0x0000 0x0000000 3570.62f0: *0000028f3cd70000-0000028f3cd73fff 0x0002/0x0002 0x0040000 3570.62f0: 0000028f3cd74000-0000028f3cd7ffff 0x0001/0x0000 0x0000000 3570.62f0: *0000028f3cd80000-0000028f3cd80fff 0x0002/0x0002 0x0040000 3570.62f0: 0000028f3cd81000-0000028f3cd8ffff 0x0001/0x0000 0x0000000 3570.62f0: *0000028f3cd90000-0000028f3cd91fff 0x0004/0x0004 0x0020000 3570.62f0: 0000028f3cd92000-00007df5b35affff 0x0001/0x0000 0x0000000 3570.62f0: *00007df5b35b0000-00007df5b35b0fff 0x0002/0x0002 0x0040000 3570.62f0: 00007df5b35b1000-00007df5b35bffff 0x0001/0x0000 0x0000000 3570.62f0: *00007df5b35c0000-00007df5b4f7afff 0x0000/0x0001 0x0040000 3570.62f0: 00007df5b4f7b000-00007df5b5003fff 0x0001/0x0001 0x0040000 3570.62f0: 00007df5b5004000-00007df5b53b0fff 0x0000/0x0001 0x0040000 3570.62f0: 00007df5b53b1000-00007df5b53b1fff 0x0001/0x0001 0x0040000 3570.62f0: 00007df5b53b2000-00007dfff04f4fff 0x0000/0x0001 0x0040000 3570.62f0: 00007dfff04f5000-00007dfff04f5fff 0x0002/0x0001 0x0040000 3570.62f0: 00007dfff04f6000-00007ff593436fff 0x0000/0x0001 0x0040000 3570.62f0: 00007ff593437000-00007ff59343bfff 0x0002/0x0001 0x0040000 3570.62f0: 00007ff59343c000-00007ff5aa2d3fff 0x0000/0x0001 0x0040000 3570.62f0: 00007ff5aa2d4000-00007ff5af557fff 0x0001/0x0001 0x0040000 3570.62f0: 00007ff5af558000-00007ff5af561fff 0x0002/0x0001 0x0040000 3570.62f0: 00007ff5af562000-00007ff5b35bffff 0x0000/0x0001 0x0040000 3570.62f0: 00007ff5b35c0000-00007ff7f9dbffff 0x0001/0x0000 0x0000000 3570.62f0: *00007ff7f9dc0000-00007ff7f9dc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9dc1000-00007ff7f9e2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e2b000-00007ff7f9e2bfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e2c000-00007ff7f9e7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e7f000-00007ff7f9e7ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e80000-00007ff7f9e80fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e81000-00007ff7f9e85fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e86000-00007ff7f9e8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e8c000-00007ff7f9ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9ed4000-00007ffefe62ffff 0x0001/0x0000 0x0000000 3570.62f0: *00007ffefe630000-00007ffefe630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe631000-00007ffefe760fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe761000-00007ffefe7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7ae000-00007ffefe7b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7ba000-00007ffefe7c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7c9000-00007ffefe7c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7ca000-00007ffefe7ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7cd000-00007ffefe843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe844000-00007ffffffeffff 0x0001/0x0000 0x0000000 3570.62f0: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory: 3570.62f0: 00007ff7f9ed25f4 / 0x01125f4: 00 != 50 3570.62f0: 00007ff7f9ed25f5 / 0x01125f5: 00 != 41 3570.62f0: 00007ff7f9ed25f6 / 0x01125f6: 00 != 44 3570.62f0: 00007ff7f9ed25f7 / 0x01125f7: 00 != 44 3570.62f0: 00007ff7f9ed25f8 / 0x01125f8: 00 != 49 3570.62f0: 00007ff7f9ed25f9 / 0x01125f9: 00 != 4e 3570.62f0: 00007ff7f9ed25fa / 0x01125fa: 00 != 47 3570.62f0: 00007ff7f9ed25fb / 0x01125fb: 00 != 58 3570.62f0: 00007ff7f9ed25fc / 0x01125fc: 00 != 58 3570.62f0: 00007ff7f9ed25fd / 0x01125fd: 00 != 50 3570.62f0: 00007ff7f9ed25fe / 0x01125fe: 00 != 41 3570.62f0: 00007ff7f9ed25ff / 0x01125ff: 00 != 44 3570.62f0: Restored 0xa0c bytes of original file content at 00007ff7f9ed25f4 3570.62f0: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x4 3570.62f0: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 59 sleeps 3570.62f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 3570.62f0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000 3570.62f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 3570.62f0: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000 3570.62f0: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000 3570.62f0: 000000007ffed000-000000bd4c9fffff 0x0001/0x0000 0x0000000 3570.62f0: *000000bd4ca00000-000000bd4cbd2fff 0x0000/0x0004 0x0020000 3570.62f0: 000000bd4cbd3000-000000bd4cbd5fff 0x0004/0x0004 0x0020000 3570.62f0: 000000bd4cbd6000-000000bd4cbfffff 0x0000/0x0004 0x0020000 3570.62f0: *000000bd4cc00000-000000bd4ccfafff 0x0000/0x0004 0x0020000 3570.62f0: 000000bd4ccfb000-000000bd4ccfdfff 0x0104/0x0004 0x0020000 3570.62f0: 000000bd4ccfe000-000000bd4ccfffff 0x0004/0x0004 0x0020000 3570.62f0: 000000bd4cd00000-0000028f3cd1ffff 0x0001/0x0000 0x0000000 3570.62f0: *0000028f3cd20000-0000028f3cd3ffff 0x0004/0x0004 0x0020000 3570.62f0: *0000028f3cd40000-0000028f3cd5efff 0x0002/0x0002 0x0040000 3570.62f0: 0000028f3cd5f000-0000028f3cd6ffff 0x0001/0x0000 0x0000000 3570.62f0: *0000028f3cd70000-0000028f3cd73fff 0x0002/0x0002 0x0040000 3570.62f0: 0000028f3cd74000-0000028f3cd7ffff 0x0001/0x0000 0x0000000 3570.62f0: *0000028f3cd80000-0000028f3cd80fff 0x0002/0x0002 0x0040000 3570.62f0: 0000028f3cd81000-0000028f3cd8ffff 0x0001/0x0000 0x0000000 3570.62f0: *0000028f3cd90000-0000028f3cd91fff 0x0004/0x0004 0x0020000 3570.62f0: 0000028f3cd92000-00007df5b35affff 0x0001/0x0000 0x0000000 3570.62f0: *00007df5b35b0000-00007df5b35b0fff 0x0002/0x0002 0x0040000 3570.62f0: 00007df5b35b1000-00007df5b35bffff 0x0001/0x0000 0x0000000 3570.62f0: *00007df5b35c0000-00007df5b4f7afff 0x0000/0x0001 0x0040000 3570.62f0: 00007df5b4f7b000-00007df5b5003fff 0x0001/0x0001 0x0040000 3570.62f0: 00007df5b5004000-00007df5b53b0fff 0x0000/0x0001 0x0040000 3570.62f0: 00007df5b53b1000-00007df5b53b1fff 0x0001/0x0001 0x0040000 3570.62f0: 00007df5b53b2000-00007dfff04f4fff 0x0000/0x0001 0x0040000 3570.62f0: 00007dfff04f5000-00007dfff04f5fff 0x0002/0x0001 0x0040000 3570.62f0: 00007dfff04f6000-00007ff593436fff 0x0000/0x0001 0x0040000 3570.62f0: 00007ff593437000-00007ff59343bfff 0x0002/0x0001 0x0040000 3570.62f0: 00007ff59343c000-00007ff5aa2d3fff 0x0000/0x0001 0x0040000 3570.62f0: 00007ff5aa2d4000-00007ff5af557fff 0x0001/0x0001 0x0040000 3570.62f0: 00007ff5af558000-00007ff5af561fff 0x0002/0x0001 0x0040000 3570.62f0: 00007ff5af562000-00007ff5b35bffff 0x0000/0x0001 0x0040000 3570.62f0: 00007ff5b35c0000-00007ff7f9dbffff 0x0001/0x0000 0x0000000 3570.62f0: *00007ff7f9dc0000-00007ff7f9dc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9dc1000-00007ff7f9e2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e2b000-00007ff7f9e2bfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e2c000-00007ff7f9e7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e7f000-00007ff7f9e8bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9e8c000-00007ff7f9ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3570.62f0: 00007ff7f9ed4000-00007ffefe62ffff 0x0001/0x0000 0x0000000 3570.62f0: *00007ffefe630000-00007ffefe630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe631000-00007ffefe760fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe761000-00007ffefe7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7ae000-00007ffefe7b1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7b2000-00007ffefe7b9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7ba000-00007ffefe7c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7c9000-00007ffefe7c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7ca000-00007ffefe7ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe7cd000-00007ffefe843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3570.62f0: 00007ffefe844000-00007ffffffeffff 0x0001/0x0000 0x0000000 3570.62f0: supR3HardNtChildPurify: Done after 1039 ms and 2 fixes (loop #1). 3d18.6634: supR3HardenedVmProcessInit: uNtDllAddr=00007ffefe630000 g_uNtVerCombined=0xa0585d00 (stack ~000000bd4ccfe810) 3d18.6634: ntdll.dll: timestamp 0xa97a9ed6 (rc=VINF_SUCCESS) 3d18.6634: New simple heap: #1 0000028f3cea0000 LB 0x800000 (for 2179072 allocation) 3570.62f0: supR3HardNtEnableThreadCreationEx: 3d18.6634: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 3d18.6634: System32: \Device\HarddiskVolume5\Windows\System32 3d18.6634: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 3d18.6634: KnownDllPath: C:\WINDOWS\System32 3d18.6634: supR3HardenedVmProcessInit: Opening vboxsup stub... 3d18.6634: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 3d18.6634: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 3d18.6634: Registered Dll notification callback with NTDLL. 3d18.6634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 3d18.6634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll 3d18.6634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 3d18.6634: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000028f3cd60088 enmState=3 -> supR3HardenedWinDummyApcRoutine 3d18.6634: supR3HardenedWinDummyApcRoutine: pvArg1=0000028f3cd60000 pvArg2=0000000000000000 pvArg3=0000000000000000 3d18.6634: supR3HardenedDllNotificationCallback: load 00007ffefc000000 LB 0x0039c000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 3d18.6634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 3d18.6634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 3d18.6634: supR3HardenedDllNotificationCallback: load 00007ffefc680000 LB 0x000c3000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 3d18.6634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3d18.6634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\KERNEL32.DLL' 3d18.6634: supR3HardenedDllNotificationCallback: load 00007ff7f9dc0000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 3d18.6634: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 3d18.6634: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 3d18.6634: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 3d18.6634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffefe6a3e50 pvNtTerminateThread=00007ffefe6cf850 3570.62f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 82 ms. 3d18.6634: \SystemRoot\System32\ntdll.dll: 3d18.6634: CreationTime: 2022-11-30T10:47:54.611997200Z 3d18.6634: LastWriteTime: 2022-11-30T10:47:54.653518800Z 3d18.6634: ChangeTime: 2023-01-23T07:55:09.766507900Z 3d18.6634: FileAttributes: 0x20 3d18.6634: Size: 0x212f88 3d18.6634: NT Headers: 0xe0 3d18.6634: Timestamp: 0xa97a9ed6 3d18.6634: Machine: 0x8664 - amd64 3d18.6634: Timestamp: 0xa97a9ed6 3d18.6634: Image Version: 10.0 3d18.6634: SizeOfImage: 0x214000 (2179072) 3d18.6634: Resource Dir: 0x19e000 LB 0x747c8 3d18.6634: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d18.6634: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 3d18.6634: ProductName: Microsoft® Windows® Operating System 3d18.6634: ProductVersion: 10.0.22621.900 3d18.6634: FileVersion: 10.0.22621.900 (WinBuild.160101.0800) 3d18.6634: FileDescription: NT Layer DLL 3d18.6634: \SystemRoot\System32\kernel32.dll: 3d18.6634: CreationTime: 2023-01-23T07:54:28.266970200Z 3d18.6634: LastWriteTime: 2023-01-23T07:54:28.287808400Z 3d18.6634: ChangeTime: 2023-01-23T08:05:41.567673000Z 3d18.6634: FileAttributes: 0x20 3d18.6634: Size: 0xc6118 3d18.6634: NT Headers: 0xe8 3d18.6634: Timestamp: 0xc8f98068 3d18.6634: Machine: 0x8664 - amd64 3d18.6634: Timestamp: 0xc8f98068 3d18.6634: Image Version: 10.0 3d18.6634: SizeOfImage: 0xc3000 (798720) 3d18.6634: Resource Dir: 0xc1000 LB 0x520 3d18.6634: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d18.6634: [Raw version resource data: 0xc10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 3d18.6634: ProductName: Microsoft® Windows® Operating System 3d18.6634: ProductVersion: 10.0.22621.1192 3d18.6634: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800) 3d18.6634: FileDescription: Windows NT BASE API Client DLL 3d18.6634: \SystemRoot\System32\KernelBase.dll: 3d18.6634: CreationTime: 2023-01-23T07:54:30.948765300Z 3d18.6634: LastWriteTime: 2023-01-23T07:54:31.075418500Z 3d18.6634: ChangeTime: 2023-01-23T08:05:41.614555000Z 3d18.6634: FileAttributes: 0x20 3d18.6634: Size: 0x3a3780 3d18.6634: NT Headers: 0x100 3d18.6634: Timestamp: 0xfaa44dd0 3d18.6634: Machine: 0x8664 - amd64 3d18.6634: Timestamp: 0xfaa44dd0 3d18.6634: Image Version: 10.0 3d18.6634: SizeOfImage: 0x39c000 (3784704) 3d18.6634: Resource Dir: 0x36b000 LB 0x548 3d18.6634: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d18.6634: [Raw version resource data: 0x36b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 3d18.6634: ProductName: Microsoft® Windows® Operating System 3d18.6634: ProductVersion: 10.0.22621.1192 3d18.6634: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800) 3d18.6634: FileDescription: Windows NT BASE API Client DLL 3d18.6634: \SystemRoot\System32\apisetschema.dll: 3d18.6634: CreationTime: 2023-01-23T07:54:18.790267200Z 3d18.6634: LastWriteTime: 2023-01-23T07:54:18.794216300Z 3d18.6634: ChangeTime: 2023-01-23T08:04:45.040904700Z 3d18.6634: FileAttributes: 0x20 3d18.6634: Size: 0x24560 3d18.6634: NT Headers: 0xc8 3d18.6634: Timestamp: 0x845ac5a8 3d18.6634: Machine: 0x8664 - amd64 3d18.6634: Timestamp: 0x845ac5a8 3d18.6634: Image Version: 10.0 3d18.6634: SizeOfImage: 0x23000 (143360) 3d18.6634: Resource Dir: 0x22000 LB 0x408 3d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d18.6634: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 3d18.6634: ProductName: Microsoft® Windows® Operating System 3d18.6634: ProductVersion: 10.0.22621.1192 3d18.6634: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800) 3d18.6634: FileDescription: ApiSet Schema DLL 3d18.6634: NtOpenDirectoryObject failed on \Driver: 0xc0000022 3d18.6634: supR3HardenedWinFindAdversaries: 0x4 3d18.6634: \SystemRoot\System32\drivers\aswMonFlt.sys: 3d18.6634: CreationTime: 2023-01-09T06:26:20.946486700Z 3d18.6634: LastWriteTime: 2023-01-09T06:26:17.918675600Z 3d18.6634: ChangeTime: 2023-01-09T06:26:17.918675600Z 3d18.6634: FileAttributes: 0x20 3d18.6634: Size: 0x41670 3d18.6634: NT Headers: 0xe8 3d18.6634: Timestamp: 0x6385db89 3d18.6634: Machine: 0x8664 - amd64 3d18.6634: Timestamp: 0x6385db89 3d18.6634: Image Version: 10.0 3d18.6634: SizeOfImage: 0x45000 (282624) 3d18.6634: Resource Dir: 0x43000 LB 0x3a0 3d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d18.6634: [Raw version resource data: 0x43060 LB 0x340, codepage 0x0 (reserved 0x0)] 3d18.6634: ProductName: Avast Antivirus 3d18.6634: ProductVersion: 22.12.474.0 3d18.6634: FileVersion: 22.12.474.0 3d18.6634: FileDescription: Avast File System Filter 3d18.6634: \SystemRoot\System32\drivers\aswRdr2.sys: 3d18.6634: CreationTime: 2023-01-09T06:26:20.944534900Z 3d18.6634: LastWriteTime: 2023-01-09T06:26:17.879419200Z 3d18.6634: ChangeTime: 2023-01-09T06:26:17.879419200Z 3d18.6634: FileAttributes: 0x20 3d18.6634: Size: 0x19b20 3d18.6634: NT Headers: 0xe8 3d18.6634: Timestamp: 0x6385db8a 3d18.6634: Machine: 0x8664 - amd64 3d18.6634: Timestamp: 0x6385db8a 3d18.6634: Image Version: 10.0 3d18.6634: SizeOfImage: 0x1b000 (110592) 3d18.6634: Resource Dir: 0x19000 LB 0x388 3d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d18.6634: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)] 3d18.6634: ProductName: Avast Antivirus 3d18.6634: ProductVersion: 22.12.474.0 3d18.6634: FileVersion: 22.12.474.0 3d18.6634: FileDescription: Avast Antivirus 3d18.6634: \SystemRoot\System32\drivers\aswRvrt.sys: 3d18.6634: CreationTime: 2023-01-09T06:26:20.947463700Z 3d18.6634: LastWriteTime: 2023-01-09T06:26:17.940251300Z 3d18.6634: ChangeTime: 2023-01-09T06:26:17.940251300Z 3d18.6634: FileAttributes: 0x20 3d18.6634: Size: 0x139f8 3d18.6634: NT Headers: 0xe8 3d18.6634: Timestamp: 0x6385db88 3d18.6634: Machine: 0x8664 - amd64 3d18.6634: Timestamp: 0x6385db88 3d18.6634: Image Version: 10.0 3d18.6634: SizeOfImage: 0x13000 (77824) 3d18.6634: Resource Dir: 0x11000 LB 0x380 3d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d18.6634: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)] 3d18.6634: ProductName: Avast Antivirus 3d18.6634: ProductVersion: 22.12.474.0 3d18.6634: FileVersion: 22.12.474.0 3d18.6634: FileDescription: Avast Revert 3d18.6634: \SystemRoot\System32\drivers\aswSnx.sys: 3d18.6634: CreationTime: 2023-01-09T06:26:20.939101300Z 3d18.6634: LastWriteTime: 2023-01-09T06:26:12.663482100Z 3d18.6634: ChangeTime: 2023-01-09T06:26:12.663482100Z 3d18.6634: FileAttributes: 0x20 3d18.6634: Size: 0xd0020 3d18.6634: NT Headers: 0xf0 3d18.6634: Timestamp: 0x6385dba5 3d18.6634: Machine: 0x8664 - amd64 3d18.6634: Timestamp: 0x6385dba5 3d18.6634: Image Version: 10.0 3d18.6634: SizeOfImage: 0xd0000 (851968) 3d18.6634: Resource Dir: 0xcd000 LB 0x388 3d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d18.6634: [Raw version resource data: 0xcd060 LB 0x324, codepage 0x0 (reserved 0x0)] 3d18.6634: ProductName: Avast Antivirus 3d18.6634: ProductVersion: 22.12.474.0 3d18.6634: FileVersion: 22.12.474.0 3d18.6634: FileDescription: Avast Antivirus 3d18.6634: \SystemRoot\System32\drivers\aswsp.sys: 3d18.6634: CreationTime: 2023-01-09T06:26:20.947463700Z 3d18.6634: LastWriteTime: 2023-02-01T14:26:26.879778500Z 3d18.6634: ChangeTime: 2023-02-01T14:26:26.879778500Z 3d18.6634: FileAttributes: 0x20 3d18.6634: Size: 0xa9cd0 3d18.6634: NT Headers: 0xe8 3d18.6634: Timestamp: 0x63d9172a 3d18.6634: Machine: 0x8664 - amd64 3d18.6634: Timestamp: 0x63d9172a 3d18.6634: Image Version: 10.0 3d18.6634: SizeOfImage: 0xac000 (704512) 3d18.6634: Resource Dir: 0xa9000 LB 0x388 3d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d18.6634: [Raw version resource data: 0xa9060 LB 0x328, codepage 0x0 (reserved 0x0)] 3d18.6634: ProductName: Avast Antivirus 3d18.6634: ProductVersion: 22.12.501.0 3d18.6634: FileVersion: 22.12.501.0 3d18.6634: FileDescription: Avast Self Protection 3d18.6634: \SystemRoot\System32\drivers\aswStm.sys: 3d18.6634: CreationTime: 2023-01-09T06:26:20.950392400Z 3d18.6634: LastWriteTime: 2023-01-09T06:26:18.270876600Z 3d18.6634: ChangeTime: 2023-01-09T06:26:18.270876600Z 3d18.6634: FileAttributes: 0x20 3d18.6634: Size: 0x33e98 3d18.6634: NT Headers: 0xf0 3d18.6634: Timestamp: 0x6385db9e 3d18.6634: Machine: 0x8664 - amd64 3d18.6634: Timestamp: 0x6385db9e 3d18.6634: Image Version: 10.0 3d18.6634: SizeOfImage: 0x35000 (217088) 3d18.6634: Resource Dir: 0x33000 LB 0x390 3d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d18.6634: [Raw version resource data: 0x33060 LB 0x32c, codepage 0x0 (reserved 0x0)] 3d18.6634: ProductName: Avast Antivirus 3d18.6634: ProductVersion: 22.12.474.0 3d18.6634: FileVersion: 22.12.474.0 3d18.6634: FileDescription: Avast Stream Filter 3d18.6634: \SystemRoot\System32\drivers\aswVmm.sys: 3d18.6634: CreationTime: 2023-01-09T06:26:20.951949700Z 3d18.6634: LastWriteTime: 2023-01-09T06:26:19.193172200Z 3d18.6634: ChangeTime: 2023-01-09T06:26:19.193172200Z 3d18.6634: FileAttributes: 0x20 3d18.6634: Size: 0x4dbf8 3d18.6634: NT Headers: 0xf8 3d18.6634: Timestamp: 0x6385db98 3d18.6634: Machine: 0x8664 - amd64 3d18.6634: Timestamp: 0x6385db98 3d18.6634: Image Version: 10.0 3d18.6634: SizeOfImage: 0x4c000 (311296) 3d18.6634: Resource Dir: 0x4a000 LB 0x388 3d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3d18.6634: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)] 3d18.6634: ProductName: Avast Antivirus 3d18.6634: ProductVersion: 22.12.474.0 3d18.6634: FileVersion: 22.12.474.0 3d18.6634: FileDescription: Avast VM Monitor 3d18.6634: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 3d18.6634: Calling main() 3d18.6634: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 3d18.6634: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 3d18.6634: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 3d18.6634: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 3d18.6634: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 3d18.6634: SUPR3HardenedMain: Respawn #2 3d18.6634: supR3HardNtEnableThreadCreationEx: 3d18.6634: supR3HardenedDllNotificationCallback: load 00007ffefc8b0000 LB 0x000a4000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 3d18.6634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll) 3d18.6634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll 3d18.6634: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 3d18.6634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll) 3d18.6634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3d18.6634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe630000 'C:\WINDOWS\System32\ntdll.dll' 3d18.6634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\KernelBase.dll [lacks WinVerifyTrust] 3d18.6634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KernelBase.dll (Input=KernelBase, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3d18.6634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'C:\WINDOWS\System32\KernelBase.dll' 3d18.6634: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffefe6a3e50 pvNtTerminateThread=00007ffefe6cf850 3d18.6634: supR3HardenedWinDoReSpawn(2): New child 5b34.3c5c [kernel32]. 3d18.6634: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 3d18.6634: supR3HardNtChildGatherData: PebBaseAddress=000000aa127d4000 cbPeb=0x388 3d18.6634: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffefe630000 uNtDllChildAddr=00007ffefe630000 3d18.6634: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffefe6a3e50 3d18.6634: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7f9dcb7a0 rdx=000000aa127d4000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffefe68df90 rsp=000000aa128ff868 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 3d18.6634: kernel32.dll: timestamp 0xc8f98068 (rc=VINF_SUCCESS) 3d18.6634: supR3HardenedWinSetupChildInit: Start child. 3d18.6634: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 3d18.6634: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 60 sleeps 3d18.6634: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 3d18.6634: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000 3d18.6634: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 3d18.6634: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000 3d18.6634: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000 3d18.6634: 000000007ffed000-000000aa125fffff 0x0001/0x0000 0x0000000 3d18.6634: *000000aa12600000-000000aa127d3fff 0x0000/0x0004 0x0020000 3d18.6634: 000000aa127d4000-000000aa127d6fff 0x0004/0x0004 0x0020000 3d18.6634: 000000aa127d7000-000000aa127fffff 0x0000/0x0004 0x0020000 3d18.6634: *000000aa12800000-000000aa128fafff 0x0000/0x0004 0x0020000 3d18.6634: 000000aa128fb000-000000aa128fdfff 0x0104/0x0004 0x0020000 3d18.6634: 000000aa128fe000-000000aa128fffff 0x0004/0x0004 0x0020000 3d18.6634: 000000aa12900000-0000028f0e63ffff 0x0001/0x0000 0x0000000 3d18.6634: *0000028f0e640000-0000028f0e65ffff 0x0004/0x0004 0x0020000 3d18.6634: *0000028f0e660000-0000028f0e67efff 0x0002/0x0002 0x0040000 3d18.6634: 0000028f0e67f000-0000028f0e67ffff 0x0001/0x0000 0x0000000 3d18.6634: *0000028f0e680000-0000028f0e680fff 0x0020/0x0020 0x0040000 !! 3d18.6634: supHardNtVpScanVirtualMemory: Unmapping exec mem at 0000028f0e680000 (0000028f0e680000/0000028f0e680000 LB 0x1000) 3d18.6634: 0000028f0e681000-0000028f0e68ffff 0x0001/0x0000 0x0000000 3d18.6634: *0000028f0e690000-0000028f0e693fff 0x0002/0x0002 0x0040000 3d18.6634: 0000028f0e694000-0000028f0e69ffff 0x0001/0x0000 0x0000000 3d18.6634: *0000028f0e6a0000-0000028f0e6a0fff 0x0002/0x0002 0x0040000 3d18.6634: 0000028f0e6a1000-0000028f0e6affff 0x0001/0x0000 0x0000000 3d18.6634: *0000028f0e6b0000-0000028f0e6b1fff 0x0004/0x0004 0x0020000 3d18.6634: 0000028f0e6b2000-00007df5acb1ffff 0x0001/0x0000 0x0000000 3d18.6634: *00007df5acb20000-00007df5acb20fff 0x0002/0x0002 0x0040000 3d18.6634: 00007df5acb21000-00007df5acb2ffff 0x0001/0x0000 0x0000000 3d18.6634: *00007df5acb30000-00007df5ae4eafff 0x0000/0x0001 0x0040000 3d18.6634: 00007df5ae4eb000-00007df5ae573fff 0x0001/0x0001 0x0040000 3d18.6634: 00007df5ae574000-00007df5ae920fff 0x0000/0x0001 0x0040000 3d18.6634: 00007df5ae921000-00007df5ae921fff 0x0001/0x0001 0x0040000 3d18.6634: 00007df5ae922000-00007dffe8ec9fff 0x0000/0x0001 0x0040000 3d18.6634: 00007dffe8eca000-00007dffe8ecafff 0x0002/0x0001 0x0040000 3d18.6634: 00007dffe8ecb000-00007ff58c9a6fff 0x0000/0x0001 0x0040000 3d18.6634: 00007ff58c9a7000-00007ff58c9abfff 0x0002/0x0001 0x0040000 3d18.6634: 00007ff58c9ac000-00007ff5a3843fff 0x0000/0x0001 0x0040000 3d18.6634: 00007ff5a3844000-00007ff5a8ac7fff 0x0001/0x0001 0x0040000 3d18.6634: 00007ff5a8ac8000-00007ff5a8ad1fff 0x0002/0x0001 0x0040000 3d18.6634: 00007ff5a8ad2000-00007ff5acb2ffff 0x0000/0x0001 0x0040000 3d18.6634: 00007ff5acb30000-00007ff7f9dbffff 0x0001/0x0000 0x0000000 3d18.6634: *00007ff7f9dc0000-00007ff7f9dc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9dc1000-00007ff7f9e2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9e2b000-00007ff7f9e2bfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9e2c000-00007ff7f9e7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9e7f000-00007ff7f9e7ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9e80000-00007ff7f9e80fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9e81000-00007ff7f9e85fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9e86000-00007ff7f9e8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9e8c000-00007ff7f9ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9ed4000-00007ffefe62ffff 0x0001/0x0000 0x0000000 3d18.6634: *00007ffefe630000-00007ffefe630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe631000-00007ffefe760fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe761000-00007ffefe7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe7ae000-00007ffefe7b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe7ba000-00007ffefe7c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe7c9000-00007ffefe7c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe7ca000-00007ffefe7ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe7cd000-00007ffefe843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe844000-00007ffffffeffff 0x0001/0x0000 0x0000000 3d18.6634: VirtualBoxVM.exe: timestamp 0x63bee674 (rc=VINF_SUCCESS) 3d18.6634: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 3d18.6634: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 3d18.6634: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory: 3d18.6634: 00007ff7f9ed25f4 / 0x01125f4: 00 != 50 3d18.6634: 00007ff7f9ed25f5 / 0x01125f5: 00 != 41 3d18.6634: 00007ff7f9ed25f6 / 0x01125f6: 00 != 44 3d18.6634: 00007ff7f9ed25f7 / 0x01125f7: 00 != 44 3d18.6634: 00007ff7f9ed25f8 / 0x01125f8: 00 != 49 3d18.6634: 00007ff7f9ed25f9 / 0x01125f9: 00 != 4e 3d18.6634: 00007ff7f9ed25fa / 0x01125fa: 00 != 47 3d18.6634: 00007ff7f9ed25fb / 0x01125fb: 00 != 58 3d18.6634: 00007ff7f9ed25fc / 0x01125fc: 00 != 58 3d18.6634: 00007ff7f9ed25fd / 0x01125fd: 00 != 50 3d18.6634: 00007ff7f9ed25fe / 0x01125fe: 00 != 41 3d18.6634: 00007ff7f9ed25ff / 0x01125ff: 00 != 44 3d18.6634: Restored 0xa0c bytes of original file content at 00007ff7f9ed25f4 3d18.6634: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 3d18.6634: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x4 3d18.6634: supR3HardNtChildPurify: Startup delay kludge #1/1: 518 ms, 60 sleeps 3d18.6634: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 3d18.6634: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000 3d18.6634: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 3d18.6634: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000 3d18.6634: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000 3d18.6634: 000000007ffed000-000000aa125fffff 0x0001/0x0000 0x0000000 3d18.6634: *000000aa12600000-000000aa127d3fff 0x0000/0x0004 0x0020000 3d18.6634: 000000aa127d4000-000000aa127d6fff 0x0004/0x0004 0x0020000 3d18.6634: 000000aa127d7000-000000aa127fffff 0x0000/0x0004 0x0020000 3d18.6634: *000000aa12800000-000000aa128fafff 0x0000/0x0004 0x0020000 3d18.6634: 000000aa128fb000-000000aa128fdfff 0x0104/0x0004 0x0020000 3d18.6634: 000000aa128fe000-000000aa128fffff 0x0004/0x0004 0x0020000 3d18.6634: 000000aa12900000-0000028f0e63ffff 0x0001/0x0000 0x0000000 3d18.6634: *0000028f0e640000-0000028f0e65ffff 0x0004/0x0004 0x0020000 3d18.6634: *0000028f0e660000-0000028f0e67efff 0x0002/0x0002 0x0040000 3d18.6634: 0000028f0e67f000-0000028f0e68ffff 0x0001/0x0000 0x0000000 3d18.6634: *0000028f0e690000-0000028f0e693fff 0x0002/0x0002 0x0040000 3d18.6634: 0000028f0e694000-0000028f0e69ffff 0x0001/0x0000 0x0000000 3d18.6634: *0000028f0e6a0000-0000028f0e6a0fff 0x0002/0x0002 0x0040000 3d18.6634: 0000028f0e6a1000-0000028f0e6affff 0x0001/0x0000 0x0000000 3d18.6634: *0000028f0e6b0000-0000028f0e6b1fff 0x0004/0x0004 0x0020000 3d18.6634: 0000028f0e6b2000-00007df5acb1ffff 0x0001/0x0000 0x0000000 3d18.6634: *00007df5acb20000-00007df5acb20fff 0x0002/0x0002 0x0040000 3d18.6634: 00007df5acb21000-00007df5acb2ffff 0x0001/0x0000 0x0000000 3d18.6634: *00007df5acb30000-00007df5ae4eafff 0x0000/0x0001 0x0040000 3d18.6634: 00007df5ae4eb000-00007df5ae573fff 0x0001/0x0001 0x0040000 3d18.6634: 00007df5ae574000-00007df5ae920fff 0x0000/0x0001 0x0040000 3d18.6634: 00007df5ae921000-00007df5ae921fff 0x0001/0x0001 0x0040000 3d18.6634: 00007df5ae922000-00007dffe8ec9fff 0x0000/0x0001 0x0040000 3d18.6634: 00007dffe8eca000-00007dffe8ecafff 0x0002/0x0001 0x0040000 3d18.6634: 00007dffe8ecb000-00007ff58c9a6fff 0x0000/0x0001 0x0040000 3d18.6634: 00007ff58c9a7000-00007ff58c9abfff 0x0002/0x0001 0x0040000 3d18.6634: 00007ff58c9ac000-00007ff5a3843fff 0x0000/0x0001 0x0040000 3d18.6634: 00007ff5a3844000-00007ff5a8ac7fff 0x0001/0x0001 0x0040000 3d18.6634: 00007ff5a8ac8000-00007ff5a8ad1fff 0x0002/0x0001 0x0040000 3d18.6634: 00007ff5a8ad2000-00007ff5acb2ffff 0x0000/0x0001 0x0040000 3d18.6634: 00007ff5acb30000-00007ff7f9dbffff 0x0001/0x0000 0x0000000 3d18.6634: *00007ff7f9dc0000-00007ff7f9dc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9dc1000-00007ff7f9e2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9e2b000-00007ff7f9e2bfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9e2c000-00007ff7f9e7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9e7f000-00007ff7f9e8bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9e8c000-00007ff7f9ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3d18.6634: 00007ff7f9ed4000-00007ffefe62ffff 0x0001/0x0000 0x0000000 3d18.6634: *00007ffefe630000-00007ffefe630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe631000-00007ffefe760fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe761000-00007ffefe7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe7ae000-00007ffefe7b1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe7b2000-00007ffefe7b9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe7ba000-00007ffefe7c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe7c9000-00007ffefe7c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe7ca000-00007ffefe7ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe7cd000-00007ffefe843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 3d18.6634: 00007ffefe844000-00007ffffffeffff 0x0001/0x0000 0x0000000 3d18.6634: supR3HardNtChildPurify: Done after 1074 ms and 2 fixes (loop #1). 5b34.3c5c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffefe630000 g_uNtVerCombined=0xa0585d00 (stack ~000000aa128fe630) 3d18.6634: supR3HardenedEarlyCompact: Removed heap 1 (0x00028f3cea0000 LB 0x800000) 5b34.3c5c: ntdll.dll: timestamp 0xa97a9ed6 (rc=VINF_SUCCESS) 3d18.6634: supR3HardNtEnableThreadCreationEx: 5b34.3c5c: New simple heap: #1 0000028f0e7c0000 LB 0x800000 (for 2179072 allocation) 5b34.3c5c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 5b34.3c5c: System32: \Device\HarddiskVolume5\Windows\System32 5b34.3c5c: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 5b34.3c5c: KnownDllPath: C:\WINDOWS\System32 5b34.3c5c: supR3HardenedVmProcessInit: Opening vboxsup... 5b34.3c5c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 5b34.3c5c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 5b34.3c5c: Registered Dll notification callback with NTDLL. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 5b34.3c5c: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000028f0e680088 enmState=4 -> supR3HardenedWinDummyApcRoutine 5b34.3c5c: supR3HardenedWinDummyApcRoutine: pvArg1=0000028f0e680000 pvArg2=0000000000000000 pvArg3=0000000000000000 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc000000 LB 0x0039c000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc680000 LB 0x000c3000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\KERNEL32.DLL' 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ff7f9dc0000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 5b34.3c5c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 5b34.3c5c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffefe6a3e50 pvNtTerminateThread=00007ffefe6cf850 3d18.6634: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 192 ms. 5b34.3c5c: \SystemRoot\System32\ntdll.dll: 5b34.3c5c: CreationTime: 2022-11-30T10:47:54.611997200Z 5b34.3c5c: LastWriteTime: 2022-11-30T10:47:54.653518800Z 5b34.3c5c: ChangeTime: 2023-01-23T07:55:09.766507900Z 5b34.3c5c: FileAttributes: 0x20 5b34.3c5c: Size: 0x212f88 5b34.3c5c: NT Headers: 0xe0 5b34.3c5c: Timestamp: 0xa97a9ed6 5b34.3c5c: Machine: 0x8664 - amd64 5b34.3c5c: Timestamp: 0xa97a9ed6 5b34.3c5c: Image Version: 10.0 5b34.3c5c: SizeOfImage: 0x214000 (2179072) 5b34.3c5c: Resource Dir: 0x19e000 LB 0x747c8 5b34.3c5c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 5b34.3c5c: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 5b34.3c5c: ProductName: Microsoft® Windows® Operating System 5b34.3c5c: ProductVersion: 10.0.22621.900 5b34.3c5c: FileVersion: 10.0.22621.900 (WinBuild.160101.0800) 5b34.3c5c: FileDescription: NT Layer DLL 5b34.3c5c: \SystemRoot\System32\kernel32.dll: 5b34.3c5c: CreationTime: 2023-01-23T07:54:28.266970200Z 5b34.3c5c: LastWriteTime: 2023-01-23T07:54:28.287808400Z 5b34.3c5c: ChangeTime: 2023-01-23T08:05:41.567673000Z 5b34.3c5c: FileAttributes: 0x20 5b34.3c5c: Size: 0xc6118 5b34.3c5c: NT Headers: 0xe8 5b34.3c5c: Timestamp: 0xc8f98068 5b34.3c5c: Machine: 0x8664 - amd64 5b34.3c5c: Timestamp: 0xc8f98068 5b34.3c5c: Image Version: 10.0 5b34.3c5c: SizeOfImage: 0xc3000 (798720) 5b34.3c5c: Resource Dir: 0xc1000 LB 0x520 5b34.3c5c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 5b34.3c5c: [Raw version resource data: 0xc10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 5b34.3c5c: ProductName: Microsoft® Windows® Operating System 5b34.3c5c: ProductVersion: 10.0.22621.1192 5b34.3c5c: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800) 5b34.3c5c: FileDescription: Windows NT BASE API Client DLL 5b34.3c5c: \SystemRoot\System32\KernelBase.dll: 5b34.3c5c: CreationTime: 2023-01-23T07:54:30.948765300Z 5b34.3c5c: LastWriteTime: 2023-01-23T07:54:31.075418500Z 5b34.3c5c: ChangeTime: 2023-01-23T08:05:41.614555000Z 5b34.3c5c: FileAttributes: 0x20 5b34.3c5c: Size: 0x3a3780 5b34.3c5c: NT Headers: 0x100 5b34.3c5c: Timestamp: 0xfaa44dd0 5b34.3c5c: Machine: 0x8664 - amd64 5b34.3c5c: Timestamp: 0xfaa44dd0 5b34.3c5c: Image Version: 10.0 5b34.3c5c: SizeOfImage: 0x39c000 (3784704) 5b34.3c5c: Resource Dir: 0x36b000 LB 0x548 5b34.3c5c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 5b34.3c5c: [Raw version resource data: 0x36b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 5b34.3c5c: ProductName: Microsoft® Windows® Operating System 5b34.3c5c: ProductVersion: 10.0.22621.1192 5b34.3c5c: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800) 5b34.3c5c: FileDescription: Windows NT BASE API Client DLL 5b34.3c5c: \SystemRoot\System32\apisetschema.dll: 5b34.3c5c: CreationTime: 2023-01-23T07:54:18.790267200Z 5b34.3c5c: LastWriteTime: 2023-01-23T07:54:18.794216300Z 5b34.3c5c: ChangeTime: 2023-01-23T08:04:45.040904700Z 5b34.3c5c: FileAttributes: 0x20 5b34.3c5c: Size: 0x24560 5b34.3c5c: NT Headers: 0xc8 5b34.3c5c: Timestamp: 0x845ac5a8 5b34.3c5c: Machine: 0x8664 - amd64 5b34.3c5c: Timestamp: 0x845ac5a8 5b34.3c5c: Image Version: 10.0 5b34.3c5c: SizeOfImage: 0x23000 (143360) 5b34.3c5c: Resource Dir: 0x22000 LB 0x408 5b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 5b34.3c5c: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 5b34.3c5c: ProductName: Microsoft® Windows® Operating System 5b34.3c5c: ProductVersion: 10.0.22621.1192 5b34.3c5c: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800) 5b34.3c5c: FileDescription: ApiSet Schema DLL 5b34.3c5c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 5b34.3c5c: supR3HardenedWinFindAdversaries: 0x4 5b34.3c5c: \SystemRoot\System32\drivers\aswMonFlt.sys: 5b34.3c5c: CreationTime: 2023-01-09T06:26:20.946486700Z 5b34.3c5c: LastWriteTime: 2023-01-09T06:26:17.918675600Z 5b34.3c5c: ChangeTime: 2023-01-09T06:26:17.918675600Z 5b34.3c5c: FileAttributes: 0x20 5b34.3c5c: Size: 0x41670 5b34.3c5c: NT Headers: 0xe8 5b34.3c5c: Timestamp: 0x6385db89 5b34.3c5c: Machine: 0x8664 - amd64 5b34.3c5c: Timestamp: 0x6385db89 5b34.3c5c: Image Version: 10.0 5b34.3c5c: SizeOfImage: 0x45000 (282624) 5b34.3c5c: Resource Dir: 0x43000 LB 0x3a0 5b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 5b34.3c5c: [Raw version resource data: 0x43060 LB 0x340, codepage 0x0 (reserved 0x0)] 5b34.3c5c: ProductName: Avast Antivirus 5b34.3c5c: ProductVersion: 22.12.474.0 5b34.3c5c: FileVersion: 22.12.474.0 5b34.3c5c: FileDescription: Avast File System Filter 5b34.3c5c: \SystemRoot\System32\drivers\aswRdr2.sys: 5b34.3c5c: CreationTime: 2023-01-09T06:26:20.944534900Z 5b34.3c5c: LastWriteTime: 2023-01-09T06:26:17.879419200Z 5b34.3c5c: ChangeTime: 2023-01-09T06:26:17.879419200Z 5b34.3c5c: FileAttributes: 0x20 5b34.3c5c: Size: 0x19b20 5b34.3c5c: NT Headers: 0xe8 5b34.3c5c: Timestamp: 0x6385db8a 5b34.3c5c: Machine: 0x8664 - amd64 5b34.3c5c: Timestamp: 0x6385db8a 5b34.3c5c: Image Version: 10.0 5b34.3c5c: SizeOfImage: 0x1b000 (110592) 5b34.3c5c: Resource Dir: 0x19000 LB 0x388 5b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 5b34.3c5c: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)] 5b34.3c5c: ProductName: Avast Antivirus 5b34.3c5c: ProductVersion: 22.12.474.0 5b34.3c5c: FileVersion: 22.12.474.0 5b34.3c5c: FileDescription: Avast Antivirus 5b34.3c5c: \SystemRoot\System32\drivers\aswRvrt.sys: 5b34.3c5c: CreationTime: 2023-01-09T06:26:20.947463700Z 5b34.3c5c: LastWriteTime: 2023-01-09T06:26:17.940251300Z 5b34.3c5c: ChangeTime: 2023-01-09T06:26:17.940251300Z 5b34.3c5c: FileAttributes: 0x20 5b34.3c5c: Size: 0x139f8 5b34.3c5c: NT Headers: 0xe8 5b34.3c5c: Timestamp: 0x6385db88 5b34.3c5c: Machine: 0x8664 - amd64 5b34.3c5c: Timestamp: 0x6385db88 5b34.3c5c: Image Version: 10.0 5b34.3c5c: SizeOfImage: 0x13000 (77824) 5b34.3c5c: Resource Dir: 0x11000 LB 0x380 5b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 5b34.3c5c: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)] 5b34.3c5c: ProductName: Avast Antivirus 5b34.3c5c: ProductVersion: 22.12.474.0 5b34.3c5c: FileVersion: 22.12.474.0 5b34.3c5c: FileDescription: Avast Revert 5b34.3c5c: \SystemRoot\System32\drivers\aswSnx.sys: 5b34.3c5c: CreationTime: 2023-01-09T06:26:20.939101300Z 5b34.3c5c: LastWriteTime: 2023-01-09T06:26:12.663482100Z 5b34.3c5c: ChangeTime: 2023-01-09T06:26:12.663482100Z 5b34.3c5c: FileAttributes: 0x20 5b34.3c5c: Size: 0xd0020 5b34.3c5c: NT Headers: 0xf0 5b34.3c5c: Timestamp: 0x6385dba5 5b34.3c5c: Machine: 0x8664 - amd64 5b34.3c5c: Timestamp: 0x6385dba5 5b34.3c5c: Image Version: 10.0 5b34.3c5c: SizeOfImage: 0xd0000 (851968) 5b34.3c5c: Resource Dir: 0xcd000 LB 0x388 5b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 5b34.3c5c: [Raw version resource data: 0xcd060 LB 0x324, codepage 0x0 (reserved 0x0)] 5b34.3c5c: ProductName: Avast Antivirus 5b34.3c5c: ProductVersion: 22.12.474.0 5b34.3c5c: FileVersion: 22.12.474.0 5b34.3c5c: FileDescription: Avast Antivirus 5b34.3c5c: \SystemRoot\System32\drivers\aswsp.sys: 5b34.3c5c: CreationTime: 2023-01-09T06:26:20.947463700Z 5b34.3c5c: LastWriteTime: 2023-02-01T14:26:26.879778500Z 5b34.3c5c: ChangeTime: 2023-02-01T14:26:26.879778500Z 5b34.3c5c: FileAttributes: 0x20 5b34.3c5c: Size: 0xa9cd0 5b34.3c5c: NT Headers: 0xe8 5b34.3c5c: Timestamp: 0x63d9172a 5b34.3c5c: Machine: 0x8664 - amd64 5b34.3c5c: Timestamp: 0x63d9172a 5b34.3c5c: Image Version: 10.0 5b34.3c5c: SizeOfImage: 0xac000 (704512) 5b34.3c5c: Resource Dir: 0xa9000 LB 0x388 5b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 5b34.3c5c: [Raw version resource data: 0xa9060 LB 0x328, codepage 0x0 (reserved 0x0)] 5b34.3c5c: ProductName: Avast Antivirus 5b34.3c5c: ProductVersion: 22.12.501.0 5b34.3c5c: FileVersion: 22.12.501.0 5b34.3c5c: FileDescription: Avast Self Protection 5b34.3c5c: \SystemRoot\System32\drivers\aswStm.sys: 5b34.3c5c: CreationTime: 2023-01-09T06:26:20.950392400Z 5b34.3c5c: LastWriteTime: 2023-01-09T06:26:18.270876600Z 5b34.3c5c: ChangeTime: 2023-01-09T06:26:18.270876600Z 5b34.3c5c: FileAttributes: 0x20 5b34.3c5c: Size: 0x33e98 5b34.3c5c: NT Headers: 0xf0 5b34.3c5c: Timestamp: 0x6385db9e 5b34.3c5c: Machine: 0x8664 - amd64 5b34.3c5c: Timestamp: 0x6385db9e 5b34.3c5c: Image Version: 10.0 5b34.3c5c: SizeOfImage: 0x35000 (217088) 5b34.3c5c: Resource Dir: 0x33000 LB 0x390 5b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 5b34.3c5c: [Raw version resource data: 0x33060 LB 0x32c, codepage 0x0 (reserved 0x0)] 5b34.3c5c: ProductName: Avast Antivirus 5b34.3c5c: ProductVersion: 22.12.474.0 5b34.3c5c: FileVersion: 22.12.474.0 5b34.3c5c: FileDescription: Avast Stream Filter 5b34.3c5c: \SystemRoot\System32\drivers\aswVmm.sys: 5b34.3c5c: CreationTime: 2023-01-09T06:26:20.951949700Z 5b34.3c5c: LastWriteTime: 2023-01-09T06:26:19.193172200Z 5b34.3c5c: ChangeTime: 2023-01-09T06:26:19.193172200Z 5b34.3c5c: FileAttributes: 0x20 5b34.3c5c: Size: 0x4dbf8 5b34.3c5c: NT Headers: 0xf8 5b34.3c5c: Timestamp: 0x6385db98 5b34.3c5c: Machine: 0x8664 - amd64 5b34.3c5c: Timestamp: 0x6385db98 5b34.3c5c: Image Version: 10.0 5b34.3c5c: SizeOfImage: 0x4c000 (311296) 5b34.3c5c: Resource Dir: 0x4a000 LB 0x388 5b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 5b34.3c5c: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)] 5b34.3c5c: ProductName: Avast Antivirus 5b34.3c5c: ProductVersion: 22.12.474.0 5b34.3c5c: FileVersion: 22.12.474.0 5b34.3c5c: FileDescription: Avast VM Monitor 5b34.3c5c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 5b34.3c5c: Calling main() 5b34.3c5c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 5b34.3c5c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 5b34.3c5c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 5b34.3c5c: SUPR3HardenedMain: Final process, opening VBoxDrv... 5b34.3c5c: supR3HardenedEarlyCompact: Removed heap 1 (0x00028f0e7c0000 LB 0x800000) 5b34.3c5c: supR3HardNtEnableThreadCreationEx: 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef7110000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef7110000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef7110000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef7110000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wintrust.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wintrust.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefe540000 LB 0x000a7000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefcbd0000 LB 0x00115000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefbe70000 LB 0x0006b000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefbb60000 LB 0x00111000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ucrtbase.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ucrtbase.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefbd00000 LB 0x00166000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0] 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\crypt32.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\crypt32.dll 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0' 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msasn1.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msasn1.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb700000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbe70000 'C:\WINDOWS\system32\Wintrust.dll' 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb410000 LB 0x00028000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb410000 'C:\WINDOWS\system32\bcrypt.dll' 5b34.3c5c: bcrypt.dll loaded at 00007ffefb410000, BCryptOpenAlgorithmProvider at 00007ffefb4141c0, preloading providers: 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefbc80000 LB 0x0007b000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbc80000 'C:\WINDOWS\system32\bcryptprimitives.dll' 5b34.3c5c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000028f0f142440) 5b34.3c5c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000028f0f145070) 5b34.3c5c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000028f0f1453c0) 5b34.3c5c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000028f0f145710) 5b34.3c5c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000028f0f145a60) 5b34.3c5c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000028f0f145db0) 5b34.3c5c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000028f0f146100) 5b34.3c5c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000028f0f146450) 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptsp.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptsp.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb200000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rsaenh.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rsaenh.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefa9f0000 LB 0x00035000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptbase.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptbase.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb1e0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\kernel32.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbe70000 'C:\WINDOWS\System32\WINTRUST.DLL' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\CRYPT32.dll' 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefd210000 LB 0x0001f000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0] 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imagehlp.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imagehlp.dll 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc8b0000 LB 0x000a4000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gpapi.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gpapi.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefaf50000 LB 0x00026000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\profapi.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\profapi.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb9a0000 LB 0x00021000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptnet.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptnet.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffed1060000 LB 0x00032000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\Windows\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcbd0000 'C:\WINDOWS\System32\rpcrt4.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefdb80000 LB 0x000ae000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D5FCA8EDCFD5BB5595ED9D320C21FB18E3FE9DB 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051420~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\SystemRoot\System32\ntdll.dll' 5b34.3c5c: g_pfnWinVerifyTrust=00007ffefbe824c0 5b34.3c5c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' 5b34.3c5c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\wintrust.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptnet.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\profapi.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gpapi.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sechost.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imagehlp.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptbase.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rsaenh.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptsp.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ucrtbase.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\KernelBase.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\system32\crypt32.dll' 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x670683072a91b300 C=US, O=Microsoft Corporation, CN=Microsoft Identity Verification Root Certificate Authority 2020 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xd12c4ca4bfded900 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x26c2e295b78ebf00 C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-1 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d993fde1950a700 C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x80d5e6f878f9bd00 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xcb7d2ba3dd0ff900 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x362d8807333b600 C=US, O=DigiCert, Inc., CN=DigiCert CS RSA4096 Root G5 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xd407c1f75ec7d700 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x7b3081c535b843ae C=US, O=Google Trust Services LLC, CN=GTS Root R4 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x665f55ebd06ce27b C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x39bb496d7f0fc200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Development Root Certificate Authority 2014 5b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x90c7c28610d2ed15 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Development Root Certificate Authority 2018 5b34.3c5c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=69 5b34.3c5c: SUPR3HardenedMain: Load Runtime... 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp140.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll [redoing WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffedf240000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffede310000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\VCRUNTIME140_1.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffedf260000 LB 0x0008d000 C:\WINDOWS\SYSTEM32\MSVCP140.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc980000 LB 0x00071000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe4a970000 LB 0x006c6000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\kernel32.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-string-l1-1-0' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-l1-2-1' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-datetime-l1-1-1' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-obsolete-l1-2-0' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbe70000 'C:\WINDOWS\system32\Wintrust.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\system32\crypt32.dll' 5b34.3c5c: SUPR3HardenedMain: Load TrustedMain... 5b34.904: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-2) -> 0x0, fPresent=1 5b34.904: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-2 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.904: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcrt.dll'. 5b34.904: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll) 5b34.904: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll 5b34.904: supR3HardenedDllNotificationCallback: load 00007ffefaa80000 LB 0x00018000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0] 5b34.904: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust] 5b34.904: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefaa80000 'api-ms-win-appmodel-runtime-l1-1-2' 5b34.904: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.904: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.904: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 5b34.904: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.904: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.904: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll' 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'uicommon.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'advapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ole32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmm.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmm.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\win32u.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\win32u.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5guivbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5corevbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'uxtheme.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dwmapi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcp140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'vcruntime140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'vcruntime140_1.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dwmapi.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dwmapi.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'user32.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\uxtheme.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\uxtheme.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202 5b34.3c5c: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'mpr.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'userenv.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'version.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'netapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcp140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202 5b34.3c5c: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\opengl32.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\opengl32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'win32u.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dxgi.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dxgi.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'dxgi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'win32u.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\d3d11.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\d3d11.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\netapi32.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\netapi32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\version.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\version.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\userenv.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\userenv.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\mpr.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\mpr.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\mpr.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume5\Windows\System32\glu32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\glu32.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\glu32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5guivbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5widgetsvbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5helpvbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'advapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ole32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'oleaut32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [redoing WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\user32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5helpvbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5helpvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5helpvbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll: Signature #1/2: info status: 24202 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5sqlvbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vcruntime140.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5sqlvbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5sqlvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5sqlvbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll: Signature #1/2: info status: 24202 5b34.3c5c: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5corevbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netapi32.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\netutils.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\netutils.dll 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DXCore.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DXCore.dll 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\srvcli.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\srvcli.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeeed40000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefaf80000 LB 0x00028000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef2430000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeeed20000 LB 0x00019000 C:\WINDOWS\SYSTEM32\NETAPI32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netapi32.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc3a0000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefba70000 LB 0x00026000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc440000 LB 0x001ad000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefbee0000 LB 0x00112000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'win32u.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32full.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32full.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefdb50000 LB 0x00029000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefdc30000 LB 0x0038a000 C:\WINDOWS\System32\combase.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefce80000 LB 0x0019c000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefd240000 LB 0x007ef000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef2440000 LB 0x00034000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffec98e0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\MSVCP140_1.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefa550000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\NETUTILS.DLL [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netutils.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeeecf0000 LB 0x00028000 C:\WINDOWS\SYSTEM32\SRVCLI.DLL [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\srvcli.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe6af50000 LB 0x005c6000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef9190000 LB 0x000f7000 C:\WINDOWS\SYSTEM32\dxgi.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef7be0000 LB 0x00257000 C:\WINDOWS\SYSTEM32\d3d11.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef9130000 LB 0x00036000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DXCore.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeae650000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeaf100000 LB 0x00100000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe4a2f0000 LB 0x0067c000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef9010000 LB 0x000ab000 C:\WINDOWS\SYSTEM32\UxTheme.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef92a0000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\dwmapi.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe6aa00000 LB 0x00541000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffecf570000 LB 0x00036000 C:\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffed37e0000 LB 0x0006a000 C:\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc7d0000 LB 0x000d7000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe4b040000 LB 0x01bd7000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffec1560000 LB 0x00147000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imm32.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imm32.dll 5b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000005fc (hFile=00000000000005e0) with 0xc0000022 -> STATUS_TRUST_FAILURE 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\glu32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\mpr.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [redoing WinVerifyTrust] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'. 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\imm32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [redoing WinVerifyTrust] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'. 5b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\win32u.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [redoing WinVerifyTrust] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'. 5b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\win32u.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'. 5b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\gdi32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'. 5b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [redoing WinVerifyTrust] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'. 5b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\win32u.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'. 5b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc5f0000 LB 0x00032000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc5f0000 'C:\WINDOWS\system32\IMM32.DLL' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\glu32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\mpr.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\glu32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\mpr.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'. 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\gdi32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefdb50000 'C:\WINDOWS\System32\gdi32.dll' 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\glu32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\mpr.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled] 5b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec1560000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000578 pwszName=\Device\HarddiskVolume5\Windows\System32\glu32.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=90E5915C85BB39788F4BE3CBB591FA675C8C60D0 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\glu32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\mpr.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\version.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000564 pwszName=\Device\HarddiskVolume5\Windows\System32\opengl32.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E2293C74D841AADEE2B956D4714194C9516162BC 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\opengl32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000544 pwszName=\Device\HarddiskVolume5\Windows\System32\uxtheme.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B43BFAB160EC86D109E40F8AF848FD34D92B7B32 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' 5b34.3c5c: SUPR3HardenedMain: Calling TrustedMain (00007ffec1561c90)... 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'dwmapi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wtsapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5guivbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5corevbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wtsapi32.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef8f10000 LB 0x00014000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffec3f20000 LB 0x00161000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec3f20000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'bcryptprimitives.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\rpcss.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcss.dll 5b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000794 (hFile=0000000000000778) with 0xc0000022 -> STATUS_TRUST_FAILURE 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000077c pwszName=\Device\HarddiskVolume5\Windows\System32\rpcss.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C6DE3FB1F9610C9D381DB82B9E122F1B7CF8B65 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05142030~31bf3856ad364e35~amd64~~10.0.22621.1192.cat'; file='\Device\HarddiskVolume5\Windows\System32\rpcss.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rpcss.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef9010000 'C:\WINDOWS\system32\uxtheme.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc440000 'C:\WINDOWS\system32\user32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\SHCore.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\SHCore.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefe440000 LB 0x000f1000 C:\WINDOWS\System32\SHCore.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\SHCore.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe440000 'C:\WINDOWS\system32\SHCore.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefd240000 'C:\WINDOWS\system32\shell32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\windows.storage.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\windows.storage.dll 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\WinTypes.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\WinTypes.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef9900000 LB 0x0013e000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef9a40000 LB 0x008c8000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefda30000 LB 0x0005e000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\powrprof.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\powrprof.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb350000 LB 0x0004d000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\powrprof.dll [avoiding WinVerifyTrust] 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\umpdc.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\umpdc.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb330000 LB 0x00013000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\umpdc.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\umpdc.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\powrprof.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\WinTypes.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\windows.storage.dll' 5b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll: Signature #1/2: info status: 24202 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'uxtheme.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'vcruntime140.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'vcruntime140_1.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee47c0000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee47c0000 'C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'user32.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffede080000 LB 0x0028e000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffede080000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffede080000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll' 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef77c0000 LB 0x001b0000 C:\WINDOWS\SYSTEM32\WindowsCodecs.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefda90000 LB 0x000b0000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\clbcatq.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\clbcatq.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\clbcatq.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'msvcp_win.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\thumbcache.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\thumbcache.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\thumbcache.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffebca70000 LB 0x0006e000 C:\Windows\System32\thumbcache.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\thumbcache.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebca70000 'C:\Windows\System32\thumbcache.dll' 5b34.3c5c: '\Device\HarddiskVolume5\Windows\System32\imageres.dll' has no imports 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\imageres.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imageres.dll 5b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000055c (hFile=00000000000005a0) with 0xc0000022 -> STATUS_TRUST_FAILURE 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp110_win.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\policymanager.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\policymanager.dll 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef6a20000 LB 0x00093000 C:\WINDOWS\SYSTEM32\msvcp110_win.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef6ce0000 LB 0x000a5000 C:\WINDOWS\SYSTEM32\policymanager.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\policymanager.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp110_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp110_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll [lacks WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\policymanager.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000059c pwszName=\Device\HarddiskVolume5\Windows\System32\imageres.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=661E607E0978A06F038FD2BBB20780B3AE60E1A2 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\imageres.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imageres.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\windowscodecs.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef77c0000 'C:\WINDOWS\system32\windowscodecs.dll' 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imageres.dll 5b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000848 (hFile=0000000000000818) with 0xc0000022 -> STATUS_TRUST_FAILURE 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imageres.dll 5b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000820 (hFile=0000000000000860) with 0xc0000022 -> STATUS_TRUST_FAILURE 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imageres.dll 5b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000820 (hFile=00000000000005b0) with 0xc0000022 -> STATUS_TRUST_FAILURE 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcss.dll 5b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000854 (hFile=0000000000000848) with 0xc0000022 -> STATUS_TRUST_FAILURE 5b34.552c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202 5b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'advapi32.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'. 5b34.552c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 5b34.552c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 5b34.552c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll 5b34.552c: supR3HardenedDllNotificationCallback: load 00007ffe6b870000 LB 0x003da000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 5b34.552c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll 5b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6b870000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 5b34.552c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202 5b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 5b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 5b34.552c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust 5b34.552c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.552c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 5b34.552c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 5b34.552c: supR3HardenedDllNotificationCallback: load 00007ffec3e40000 LB 0x000db000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0] 5b34.552c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 5b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec3e40000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll' 5b34.552c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 5b34.552c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 5b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc7d0000 'C:\Windows\System32\oleaut32.dll' 5b34.14c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202 5b34.14c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.14c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.14c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.14c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 5b34.14c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 5b34.14c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust 5b34.14c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll 5b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.14c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.14c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll 5b34.14c: supR3HardenedDllNotificationCallback: load 00007ffe49e10000 LB 0x004d7000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] 5b34.14c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll 5b34.14c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe49e10000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' 5b34.3c5c: '\Device\HarddiskVolume5\Windows\System32\tzres.dll' has no imports 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\tzres.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\tzres.dll 5b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000abc (hFile=0000000000000ab4) with 0xc0000022 -> STATUS_TRUST_FAILURE 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\tzres.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000ab4 (hFile=0000000000000abc) with 0xc0000022 -> STATUS_TRUST_FAILURE 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab8 pwszName=\Device\HarddiskVolume5\Windows\System32\tzres.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E31DC496D18BBBE27DD43F467BAE80F7D7C52B3B 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051420~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\tzres.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\tzres.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae0 pwszName=\Device\HarddiskVolume5\Windows\System32\DWrite.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=13FB92B56B737E58C3DD8B51112F161C2EC4F1EE 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051021~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\DWrite.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DWrite.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DWrite.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwrite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DWrite.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef7970000 LB 0x00267000 C:\WINDOWS\system32\dwrite.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DWrite.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef7970000 'C:\WINDOWS\system32\dwrite.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefdb50000 'C:\WINDOWS\system32\gdi32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dwmapi.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\d3d9.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\d3d9.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d9.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffea3a60000 LB 0x001a9000 C:\WINDOWS\system32\d3d9.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d9.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea3a60000 'C:\WINDOWS\system32\d3d9.dll' 5b34.3c5c: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll: Signature #1/3: info status: 24202 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef2480000 LB 0x001bb000 C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\kernel32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2480000 'C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef92a0000 'C:\WINDOWS\System32\dwmapi.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\setupapi.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\setupapi.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefdfc0000 LB 0x0047a000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe95190000 LB 0x01dcf000 C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\kernel32.dll' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-string-l1-1-0' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-l1-2-1' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-datetime-l1-1-1' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-obsolete-l1-2-0' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe95190000 'C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll' 5b34.3c5c: \Device\HarddiskVolume5\Windows\System32\amdihk64.dll: Owner is administrators group. 5b34.3c5c: \Device\HarddiskVolume5\Windows\System32\amdihk64.dll: Signature #1/3: info status: 24202 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\amdihk64.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\amdihk64.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amdihk64.dll (Input=amdihk64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\amdihk64.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef0250000 LB 0x00035000 C:\WINDOWS\System32\amdihk64.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\amdihk64.dll 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\kernel32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef0250000 'C:\WINDOWS\System32\amdihk64.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcp_win.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef60a0000 LB 0x00049000 C:\WINDOWS\SYSTEM32\directxdatabasehelper.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-core-resourcepolicy-l1-1-0.dll) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-core-resourcepolicy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef95e0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef95e0000 'ext-ms-win-core-resourcepolicy-l1-1-0.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll' 5b34.3c5c: supR3HardenedDllNotificationCallback: Unload 00007ffef95e0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [flags=0x0] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefdb50000 'C:\WINDOWS\System32\gdi32.dll' 5b34.3c5c: supR3HardenedDllNotificationCallback: Unload 00007ffef0250000 LB 0x00035000 C:\WINDOWS\System32\amdihk64.dll [flags=0x0] 5b34.3c5c: supR3HardenedDllNotificationCallback: Unload 00007ffe95190000 LB 0x01dcf000 C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll [flags=0x0] 5b34.3c5c: supR3HardenedDllNotificationCallback: Unload 00007ffefdfc0000 LB 0x0047a000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0] 5b34.3c5c: supR3HardenedDllNotificationCallback: Unload 00007ffef2480000 LB 0x001bb000 C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll [flags=0x0] 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefd030000 LB 0x0011e000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msctf.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msctf.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msctf.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b5c pwszName=\Device\HarddiskVolume5\Windows\System32\DataExchange.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD74172D15559A8393DD6375D3980EF0BC7F4896 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051020~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\DataExchange.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msvcp_win.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DataExchange.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DataExchange.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DataExchange.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffebd440000 LB 0x0005e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DataExchange.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd440000 'C:\WINDOWS\system32\dataexchange.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'msvcp_win.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef2eb0000 LB 0x0026a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\SHCore.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe440000 'C:\WINDOWS\system32\Shcore.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeef0e0000 LB 0x0012d000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefce80000 'C:\WINDOWS\System32\ole32.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc7d0000 'C:\WINDOWS\System32\OLEAUT32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd0 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79FFC2BD644B57D7CA8615216116CAFF7BB202DF 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'wbemcomn.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be8 pwszName=\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3C24DA357936B83C408A2C99BB0510A23847A80 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee9c80000 LB 0x00080000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee68f0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee68f0000 'C:\WINDOWS\system32\wbem\wbemprox.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bec pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66D41A3156780ABDF91F20104ADE7523819524FC 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee8e30000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee8e30000 'C:\WINDOWS\system32\wbem\wbemsvc.dll' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-l1-2-0.dll' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c14 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45A53B64D62558384F329921CF2731D0FA6A5EC5 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee8f20000 LB 0x000f8000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee8f20000 'C:\WINDOWS\system32\wbem\fastprox.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c24 pwszName=\Device\HarddiskVolume5\Windows\System32\amsi.dll 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47FCE31AAF860A9E41EB3F3CBC4C21B1C3487C05 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\amsi.dll' 5b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\amsi.dll) WinVerifyTrust 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\amsi.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\amsi.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee7d50000 LB 0x0001d000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\amsi.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee7d50000 'C:\WINDOWS\System32\amsi.dll' 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> -621 (\Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll) 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll: Cert at 0x2930 LB 0x2950: Bad header length value: 0x0 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (-621) on \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll [lacks WinVerifyTrust] 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cached rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (-621) on \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll [lacks WinVerifyTrust] 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cached rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (-621) on \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll [lacks WinVerifyTrust] 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cached rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (-621) on \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll [lacks WinVerifyTrust] 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cached rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (-621) on \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll [lacks WinVerifyTrust] 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cached rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll 5b34.3c5c: Error (rc=0): 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefdb80000 'C:\WINDOWS\System32\ADVAPI32.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefce80000 'C:\WINDOWS\system32\ole32.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010e4 pwszName=\Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D905C68C5870D95364F15D4C9A38827EC80CDD75 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05111~31bf3856ad364e35~amd64~~10.0.22621.900.cat'; file='\Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll' 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'. 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume5\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012f8 pwszName=\Device\HarddiskVolume5\Windows\System32\devrtl.dll 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2337E1E106C9DD265E7E574236C7277C6E078413 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05142030~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\devrtl.dll' 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\devrtl.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devrtl.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\NetSetupApi.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\NetSetupApi.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll) 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupApi.dll 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devrtl.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefb720000 LB 0x0004e000 C:\WINDOWS\SYSTEM32\cfgmgr32.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust] 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffee3d30000 LB 0x00029000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupApi.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefdfc0000 LB 0x0047a000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffeee670000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devrtl.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffee3b00000 LB 0x0007b000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee3b00000 'C:\Windows\System32\NetSetupShim.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'. 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winnsi.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winnsi.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\nsi.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\nsi.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefd020000 LB 0x00009000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffef9000000 LB 0x0000d000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffec3ce0000 LB 0x000df000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec3ce0000 'C:\Windows\System32\NetSetupEngine.dll' 5b34.5ff4: supR3HardenedDllNotificationCallback: Unload 00007ffec3ce0000 LB 0x000df000 C:\Windows\System32\NetSetupEngine.dll [flags=0x0] 5b34.5ff4: supR3HardenedDllNotificationCallback: Unload 00007ffefd020000 LB 0x00009000 C:\WINDOWS\System32\NSI.dll [flags=0x0] 5b34.5ff4: supR3HardenedDllNotificationCallback: Unload 00007ffef9000000 LB 0x0000d000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [flags=0x0] 5b34.1588: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202 5b34.1588: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.1588: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.1588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.1588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 5b34.1588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 5b34.1588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 5b34.1588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 5b34.1588: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust 5b34.1588: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 5b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.1588: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.1588: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 5b34.1588: supR3HardenedDllNotificationCallback: load 00007ffef70f0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] 5b34.1588: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 5b34.1588: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef70f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' 5b34.2338: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202 5b34.2338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.2338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.2338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.2338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 5b34.2338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 5b34.2338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 5b34.2338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust 5b34.2338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 5b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.2338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.2338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 5b34.2338: supR3HardenedDllNotificationCallback: load 00007ffef70e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] 5b34.2338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 5b34.2338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef70e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefd240000 'C:\WINDOWS\system32\Shell32.dll' 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012ac pwszName=\Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A1127A13D7B78150717ED61134DCB565FEBCA2A3 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll' 5b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'devobj.dll'. 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'cfgmgr32.dll'. 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\devobj.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devobj.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume5\Windows\System32\vid.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vid.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\vid.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vid.dll 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffecdb30000 LB 0x0003e000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vid.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefb770000 LB 0x00033000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffecf4d0000 LB 0x00047000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecf4d0000 'C:\WINDOWS\system32\WinHvPlatform.dll' 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vid.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb30000 'C:\WINDOWS\system32\vid.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe630000 'C:\WINDOWS\system32\NTDLL.DLL' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'. 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffec3dc0000 LB 0x00071000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffe48a10000 LB 0x0085d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefa560000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffe49270000 LB 0x00b97000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe49270000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6b870000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL' 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe48a10000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL' 5b34.5618: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202 5b34.5618: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5618: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5618: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.5618: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 5b34.5618: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust 5b34.5618: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 5b34.5618: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.5618: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.5618: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.5618: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.5618: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5618: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 5b34.5618: supR3HardenedDllNotificationCallback: load 00007ffef4840000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] 5b34.5618: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 5b34.5618: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef4840000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' 5b34.6560: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202 5b34.6560: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.6560: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.6560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.6560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 5b34.6560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 5b34.6560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 5b34.6560: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust 5b34.6560: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 5b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.6560: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll 5b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.6560: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.6560: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 5b34.6560: supR3HardenedDllNotificationCallback: load 00007ffef6fd0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] 5b34.6560: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 5b34.6560: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef6fd0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' 5b34.6a70: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202 5b34.6a70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.6a70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.6a70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'. 5b34.6a70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'. 5b34.6a70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'. 5b34.6a70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 5b34.6a70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust 5b34.6a70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 5b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 5b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 5b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'... 5b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008] 5b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'... 5b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008] 5b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'... 5b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008] 5b34.6a70: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.6a70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 5b34.6a70: supR3HardenedDllNotificationCallback: load 00007ffeec8d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] 5b34.6a70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 5b34.6a70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 5b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll) WinVerifyTrust 5b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffeee380000 LB 0x0009d000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee380000 'C:\WINDOWS\System32\MMDevApi.dll' 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee380000 'C:\WINDOWS\System32\MMDEVAPI.DLL' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msctf.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefd030000 'C:\WINDOWS\System32\MSCTF.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'msvcp_win.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef8aa0000 LB 0x00133000 C:\WINDOWS\SYSTEM32\CoreMessaging.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbe70000 'C:\WINDOWS\System32\WINTRUST.DLL' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\CRYPT32.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-sddl-l1-1-0.dll) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-sddl-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc8b0000 'api-ms-win-security-sddl-l1-1-0.dll' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc440000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc440000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 5b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'coremessaging.dll'. 5b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll) 5b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll 5b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef5840000 LB 0x0036c000 C:\WINDOWS\SYSTEM32\CoreUIComponents.dll [fFlags=0x0] 5b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust] 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume5\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 5b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll' 5b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll' 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcbd0000 'C:\WINDOWS\System32\RPCRT4.dll' 5b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-systemfunctions-l1-1-0) -> 0x0, fPresent=1 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-systemfunctions-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 5b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefdb80000 'api-ms-win-security-systemfunctions-l1-1-0' 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imageres.dll 5b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000017e0 (hFile=0000000000001424) with 0xc0000022 -> STATUS_TRUST_FAILURE 5b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imageres.dll 5b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000017d0 (hFile=0000000000001568) with 0xc0000022 -> STATUS_TRUST_FAILURE 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll 5b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefd020000 LB 0x00009000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffef9000000 LB 0x0000d000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll 5b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffec3ce0000 LB 0x000df000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0] 5b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll 5b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec3ce0000 'C:\Windows\System32\NetSetupEngine.dll'