1f34.1930: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000018 g_uNtVerCombined=0x63258000 1f34.1930: \SystemRoot\System32\ntdll.dll: 1f34.1930: CreationTime: 2015-10-13T23:34:31.183173000Z 1f34.1930: LastWriteTime: 2015-08-07T21:40:29.476583000Z 1f34.1930: ChangeTime: 2015-10-15T01:59:38.857902000Z 1f34.1930: FileAttributes: 0x20 1f34.1930: Size: 0x1a7f48 1f34.1930: NT Headers: 0xd8 1f34.1930: Timestamp: 0x55c4c16b 1f34.1930: Machine: 0x8664 - amd64 1f34.1930: Timestamp: 0x55c4c16b 1f34.1930: Image Version: 6.3 1f34.1930: SizeOfImage: 0x1ac000 (1753088) 1f34.1930: Resource Dir: 0x148000 LB 0x62450 1f34.1930: ProductName: Microsoft® Windows® Operating System 1f34.1930: ProductVersion: 6.3.9600.18007 1f34.1930: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612) 1f34.1930: FileDescription: NT Layer DLL 1f34.1930: \SystemRoot\System32\kernel32.dll: 1f34.1930: CreationTime: 2014-05-21T01:47:27.273618800Z 1f34.1930: LastWriteTime: 2014-03-20T04:19:59.915412000Z 1f34.1930: ChangeTime: 2015-10-15T02:02:00.089022700Z 1f34.1930: FileAttributes: 0x20 1f34.1930: Size: 0x13b3c0 1f34.1930: NT Headers: 0xe8 1f34.1930: Timestamp: 0x532a419c 1f34.1930: Machine: 0x8664 - amd64 1f34.1930: Timestamp: 0x532a419c 1f34.1930: Image Version: 6.3 1f34.1930: SizeOfImage: 0x13a000 (1286144) 1f34.1930: Resource Dir: 0x12a000 LB 0x520 1f34.1930: ProductName: Microsoft® Windows® Operating System 1f34.1930: ProductVersion: 6.3.9600.17056 1f34.1930: FileVersion: 6.3.9600.17056 (winblue_gdr.140319-1520) 1f34.1930: FileDescription: Windows NT BASE API Client DLL 1f34.1930: \SystemRoot\System32\KernelBase.dll: 1f34.1930: CreationTime: 2014-10-18T01:10:00.581170500Z 1f34.1930: LastWriteTime: 2014-08-16T03:58:45.372065200Z 1f34.1930: ChangeTime: 2015-10-15T02:02:00.635897700Z 1f34.1930: FileAttributes: 0x20 1f34.1930: Size: 0x10f9c0 1f34.1930: NT Headers: 0xf0 1f34.1930: Timestamp: 0x53eebf2e 1f34.1930: Machine: 0x8664 - amd64 1f34.1930: Timestamp: 0x53eebf2e 1f34.1930: Image Version: 6.3 1f34.1930: SizeOfImage: 0x10f000 (1110016) 1f34.1930: Resource Dir: 0x10a000 LB 0x3528 1f34.1930: ProductName: Microsoft® Windows® Operating System 1f34.1930: ProductVersion: 6.3.9600.17278 1f34.1930: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500) 1f34.1930: FileDescription: Windows NT BASE API Client DLL 1f34.1930: \SystemRoot\System32\apisetschema.dll: 1f34.1930: CreationTime: 2013-08-22T12:13:09.745625900Z 1f34.1930: LastWriteTime: 2013-08-22T12:35:12.091034400Z 1f34.1930: ChangeTime: 2014-05-14T02:05:30.364616000Z 1f34.1930: FileAttributes: 0x20 1f34.1930: Size: 0x11360 1f34.1930: NT Headers: 0xd0 1f34.1930: Timestamp: 0x52160049 1f34.1930: Machine: 0x8664 - amd64 1f34.1930: Timestamp: 0x52160049 1f34.1930: Image Version: 6.3 1f34.1930: SizeOfImage: 0x13000 (77824) 1f34.1930: Resource Dir: 0x11000 LB 0x3f8 1f34.1930: ProductName: Microsoft® Windows® Operating System 1f34.1930: ProductVersion: 6.3.9600.16384 1f34.1930: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623) 1f34.1930: FileDescription: ApiSet Schema DLL 1f34.1930: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1f34.1930: supR3HardenedWinFindAdversaries: 0x0 1f34.1930: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\VMPROGVBOX' 1f34.1930: Calling main() 1f34.1930: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1f34.1930: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\VMPROGVBOX' 1f34.1930: SUPR3HardenedMain: Respawn #1 1f34.1930: System32: \Device\HarddiskVolume1\Windows\System32 1f34.1930: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 1f34.1930: KnownDllPath: C:\Windows\system32 1f34.1930: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports 1f34.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe) 1f34.1930: supR3HardNtEnableThreadCreation: 1f34.1930: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc09408ec0 pvNtTerminateThread=00007ffc09481700 1f34.1930: supR3HardenedWinDoReSpawn(1): New child 12dc.1bfc [kernel32]. 1f34.1930: supR3HardNtChildGatherData: PebBaseAddress=00007ff707303000 cbPeb=0x388 1f34.1930: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc093f0000 uNtDllChildAddr=00007ffc093f0000 1f34.1930: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc09408ec0 1f34.1930: supR3HardenedWinSetupChildInit: Start child. 1f34.1930: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 1f34.1930: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 16 sleeps 1f34.1930: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1f34.1930: *0000000000000000-fffffffffff7ffff 0x0001/0x0000 0x0000000 1f34.1930: *0000000000080000-000000000005ffff 0x0004/0x0004 0x0020000 1f34.1930: *00000000000a0000-0000000000090fff 0x0002/0x0002 0x0040000 1f34.1930: 00000000000af000-00000000000adfff 0x0001/0x0000 0x0000000 1f34.1930: *00000000000b0000-fffffffffffb3fff 0x0000/0x0004 0x0020000 1f34.1930: 00000000001ac000-00000000001a8fff 0x0104/0x0004 0x0020000 1f34.1930: 00000000001af000-00000000001adfff 0x0004/0x0004 0x0020000 1f34.1930: *00000000001b0000-00000000001abfff 0x0002/0x0002 0x0040000 1f34.1930: 00000000001b4000-00000000001a7fff 0x0001/0x0000 0x0000000 1f34.1930: *00000000001c0000-00000000001bdfff 0x0004/0x0004 0x0020000 1f34.1930: 00000000001c2000-ffffffff803a3fff 0x0001/0x0000 0x0000000 1f34.1930: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1f34.1930: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1f34.1930: 000000007fff0000-ffff8009f8d0ffff 0x0001/0x0000 0x0000000 1f34.1930: *00007ff7072d0000-00007ff70729cfff 0x0002/0x0002 0x0040000 1f34.1930: *00007ff707303000-00007ff707301fff 0x0004/0x0004 0x0020000 1f34.1930: 00007ff707304000-00007ff7072f9fff 0x0001/0x0000 0x0000000 1f34.1930: *00007ff70730e000-00007ff70730bfff 0x0004/0x0004 0x0020000 1f34.1930: 00007ff707310000-00007ff706a4ffff 0x0001/0x0000 0x0000000 1f34.1930: *00007ff707bd0000-00007ff707bd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1f34.1930: 00007ff707bd1000-00007ff707c57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1f34.1930: 00007ff707c58000-00007ff707c58fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1f34.1930: 00007ff707c59000-00007ff707ca3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1f34.1930: 00007ff707ca4000-00007ff707ca4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1f34.1930: 00007ff707ca5000-00007ff707ca5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1f34.1930: 00007ff707ca6000-00007ff707caafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1f34.1930: 00007ff707cab000-00007ff707cabfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1f34.1930: 00007ff707cac000-00007ff707cacfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1f34.1930: 00007ff707cad000-00007ff707cb0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1f34.1930: 00007ff707cb1000-00007ff707cfbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1f34.1930: 00007ff707cfc000-00007ff206607fff 0x0001/0x0000 0x0000000 1f34.1930: *00007ffc093f0000-00007ffc093f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1f34.1930: 00007ffc093f1000-00007ffc0951cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1f34.1930: 00007ffc0951d000-00007ffc09522fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1f34.1930: 00007ffc09523000-00007ffc0952ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1f34.1930: 00007ffc09530000-00007ffc09530fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1f34.1930: 00007ffc09531000-00007ffc09533fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1f34.1930: 00007ffc09534000-00007ffc09534fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1f34.1930: 00007ffc09535000-00007ffc0959bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1f34.1930: 00007ffc0959c000-00007ff812b57fff 0x0001/0x0000 0x0000000 1f34.1930: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 1f34.1930: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS) 1f34.1930: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports 1f34.1930: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 1f34.1930: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0). 1f34.1930: supR3HardNtEnableThreadCreation: 12dc.1bfc: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000 12dc.1bfc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc093f0000 12dc.1bfc: ntdll.dll: timestamp 0x55c4c16b (rc=VINF_SUCCESS) 12dc.1bfc: New simple heap: #1 00000000002d0000 LB 0x400000 (for 1753088 allocation) 12dc.1bfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\VMPROGVBOX' 12dc.1bfc: System32: \Device\HarddiskVolume1\Windows\System32 12dc.1bfc: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 12dc.1bfc: KnownDllPath: C:\Windows\system32 12dc.1bfc: supR3HardenedVmProcessInit: Opening vboxdrv stub... 12dc.1bfc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 12dc.1bfc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 12dc.1bfc: Registered Dll notification callback with NTDLL. 12dc.1bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 12dc.1bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 12dc.1bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 12dc.1bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 12dc.1bfc: supR3HardenedDllNotificationCallback: load 00007ffc06350000 LB 0x0010f000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 12dc.1bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 12dc.1bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 12dc.1bfc: supR3HardenedDllNotificationCallback: load 00007ffc06970000 LB 0x0013a000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0] 12dc.1bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 12dc.1bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\KERNEL32.DLL' 12dc.1bfc: supR3HardenedDllNotificationCallback: load 00007ff707bd0000 LB 0x0012c000 F:\VMPROGVBOX\VirtualBox.exe [fFlags=0x0] 12dc.1bfc: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports 12dc.1bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe) 12dc.1bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc09408ec0 pvNtTerminateThread=00007ffc09481700 1f34.1930: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms. 12dc.1bfc: \SystemRoot\System32\ntdll.dll: 12dc.1bfc: CreationTime: 2015-10-13T23:34:31.183173000Z 12dc.1bfc: LastWriteTime: 2015-08-07T21:40:29.476583000Z 12dc.1bfc: ChangeTime: 2015-10-15T01:59:38.857902000Z 12dc.1bfc: FileAttributes: 0x20 12dc.1bfc: Size: 0x1a7f48 12dc.1bfc: NT Headers: 0xd8 12dc.1bfc: Timestamp: 0x55c4c16b 12dc.1bfc: Machine: 0x8664 - amd64 12dc.1bfc: Timestamp: 0x55c4c16b 12dc.1bfc: Image Version: 6.3 12dc.1bfc: SizeOfImage: 0x1ac000 (1753088) 12dc.1bfc: Resource Dir: 0x148000 LB 0x62450 12dc.1bfc: ProductName: Microsoft® Windows® Operating System 12dc.1bfc: ProductVersion: 6.3.9600.18007 12dc.1bfc: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612) 12dc.1bfc: FileDescription: NT Layer DLL 12dc.1bfc: \SystemRoot\System32\kernel32.dll: 12dc.1bfc: CreationTime: 2014-05-21T01:47:27.273618800Z 12dc.1bfc: LastWriteTime: 2014-03-20T04:19:59.915412000Z 12dc.1bfc: ChangeTime: 2015-10-15T02:02:00.089022700Z 12dc.1bfc: FileAttributes: 0x20 12dc.1bfc: Size: 0x13b3c0 12dc.1bfc: NT Headers: 0xe8 12dc.1bfc: Timestamp: 0x532a419c 12dc.1bfc: Machine: 0x8664 - amd64 12dc.1bfc: Timestamp: 0x532a419c 12dc.1bfc: Image Version: 6.3 12dc.1bfc: SizeOfImage: 0x13a000 (1286144) 12dc.1bfc: Resource Dir: 0x12a000 LB 0x520 12dc.1bfc: ProductName: Microsoft® Windows® Operating System 12dc.1bfc: ProductVersion: 6.3.9600.17056 12dc.1bfc: FileVersion: 6.3.9600.17056 (winblue_gdr.140319-1520) 12dc.1bfc: FileDescription: Windows NT BASE API Client DLL 12dc.1bfc: \SystemRoot\System32\KernelBase.dll: 12dc.1bfc: CreationTime: 2014-10-18T01:10:00.581170500Z 12dc.1bfc: LastWriteTime: 2014-08-16T03:58:45.372065200Z 12dc.1bfc: ChangeTime: 2015-10-15T02:02:00.635897700Z 12dc.1bfc: FileAttributes: 0x20 12dc.1bfc: Size: 0x10f9c0 12dc.1bfc: NT Headers: 0xf0 12dc.1bfc: Timestamp: 0x53eebf2e 12dc.1bfc: Machine: 0x8664 - amd64 12dc.1bfc: Timestamp: 0x53eebf2e 12dc.1bfc: Image Version: 6.3 12dc.1bfc: SizeOfImage: 0x10f000 (1110016) 12dc.1bfc: Resource Dir: 0x10a000 LB 0x3528 12dc.1bfc: ProductName: Microsoft® Windows® Operating System 12dc.1bfc: ProductVersion: 6.3.9600.17278 12dc.1bfc: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500) 12dc.1bfc: FileDescription: Windows NT BASE API Client DLL 12dc.1bfc: \SystemRoot\System32\apisetschema.dll: 12dc.1bfc: CreationTime: 2013-08-22T12:13:09.745625900Z 12dc.1bfc: LastWriteTime: 2013-08-22T12:35:12.091034400Z 12dc.1bfc: ChangeTime: 2014-05-14T02:05:30.364616000Z 12dc.1bfc: FileAttributes: 0x20 12dc.1bfc: Size: 0x11360 12dc.1bfc: NT Headers: 0xd0 12dc.1bfc: Timestamp: 0x52160049 12dc.1bfc: Machine: 0x8664 - amd64 12dc.1bfc: Timestamp: 0x52160049 12dc.1bfc: Image Version: 6.3 12dc.1bfc: SizeOfImage: 0x13000 (77824) 12dc.1bfc: Resource Dir: 0x11000 LB 0x3f8 12dc.1bfc: ProductName: Microsoft® Windows® Operating System 12dc.1bfc: ProductVersion: 6.3.9600.16384 12dc.1bfc: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623) 12dc.1bfc: FileDescription: ApiSet Schema DLL 12dc.1bfc: NtOpenDirectoryObject failed on \Driver: 0xc0000022 12dc.1bfc: supR3HardenedWinFindAdversaries: 0x0 12dc.1bfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\VMPROGVBOX' 12dc.1bfc: Calling main() 12dc.1bfc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 12dc.1bfc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\VMPROGVBOX' 12dc.1bfc: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports 12dc.1bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe) 12dc.1bfc: SUPR3HardenedMain: Respawn #2 12dc.1bfc: supR3HardNtEnableThreadCreation: 12dc.1bfc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc09408ec0 pvNtTerminateThread=00007ffc09481700 12dc.1bfc: supR3HardenedWinDoReSpawn(2): New child 1104.bfc [kernel32]. 12dc.1bfc: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 12dc.1bfc: supR3HardNtChildGatherData: PebBaseAddress=00007ff70757e000 cbPeb=0x388 12dc.1bfc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc093f0000 uNtDllChildAddr=00007ffc093f0000 12dc.1bfc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc09408ec0 12dc.1bfc: supR3HardenedWinSetupChildInit: Start child. 12dc.1bfc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 12dc.1bfc: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 16 sleeps 12dc.1bfc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 12dc.1bfc: *0000000000000000-ffffffffff78ffff 0x0001/0x0000 0x0000000 12dc.1bfc: *0000000000870000-000000000084ffff 0x0004/0x0004 0x0020000 12dc.1bfc: *0000000000890000-0000000000880fff 0x0002/0x0002 0x0040000 12dc.1bfc: 000000000089f000-000000000089dfff 0x0001/0x0000 0x0000000 12dc.1bfc: *00000000008a0000-00000000007a3fff 0x0000/0x0004 0x0020000 12dc.1bfc: 000000000099c000-0000000000998fff 0x0104/0x0004 0x0020000 12dc.1bfc: 000000000099f000-000000000099dfff 0x0004/0x0004 0x0020000 12dc.1bfc: *00000000009a0000-000000000099bfff 0x0002/0x0002 0x0040000 12dc.1bfc: 00000000009a4000-0000000000997fff 0x0001/0x0000 0x0000000 12dc.1bfc: *00000000009b0000-00000000009adfff 0x0004/0x0004 0x0020000 12dc.1bfc: 00000000009b2000-ffffffff81383fff 0x0001/0x0000 0x0000000 12dc.1bfc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 12dc.1bfc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 12dc.1bfc: 000000007fff0000-ffff8009f8a9ffff 0x0001/0x0000 0x0000000 12dc.1bfc: *00007ff707540000-00007ff70750cfff 0x0002/0x0002 0x0040000 12dc.1bfc: 00007ff707573000-00007ff707569fff 0x0001/0x0000 0x0000000 12dc.1bfc: *00007ff70757c000-00007ff707579fff 0x0004/0x0004 0x0020000 12dc.1bfc: *00007ff70757e000-00007ff70757cfff 0x0004/0x0004 0x0020000 12dc.1bfc: 00007ff70757f000-00007ff706f2dfff 0x0001/0x0000 0x0000000 12dc.1bfc: *00007ff707bd0000-00007ff707bd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: 00007ff707bd1000-00007ff707c57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: 00007ff707c58000-00007ff707c58fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: 00007ff707c59000-00007ff707ca3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: 00007ff707ca4000-00007ff707ca4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: 00007ff707ca5000-00007ff707ca5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: 00007ff707ca6000-00007ff707caafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: 00007ff707cab000-00007ff707cabfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: 00007ff707cac000-00007ff707cacfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: 00007ff707cad000-00007ff707cb0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: 00007ff707cb1000-00007ff707cfbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 12dc.1bfc: 00007ff707cfc000-00007ff206607fff 0x0001/0x0000 0x0000000 12dc.1bfc: *00007ffc093f0000-00007ffc093f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 12dc.1bfc: 00007ffc093f1000-00007ffc0951cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 12dc.1bfc: 00007ffc0951d000-00007ffc09522fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 12dc.1bfc: 00007ffc09523000-00007ffc0952ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 12dc.1bfc: 00007ffc09530000-00007ffc09530fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 12dc.1bfc: 00007ffc09531000-00007ffc09533fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 12dc.1bfc: 00007ffc09534000-00007ffc09534fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 12dc.1bfc: 00007ffc09535000-00007ffc0959bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 12dc.1bfc: 00007ffc0959c000-00007ff812b57fff 0x0001/0x0000 0x0000000 12dc.1bfc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 12dc.1bfc: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS) 12dc.1bfc: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports 12dc.1bfc: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 12dc.1bfc: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0). 12dc.1bfc: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002d0000 LB 0x400000) 12dc.1bfc: supR3HardNtEnableThreadCreation: 1104.bfc: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000 1104.bfc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc093f0000 1104.bfc: ntdll.dll: timestamp 0x55c4c16b (rc=VINF_SUCCESS) 1104.bfc: New simple heap: #1 0000000000ac0000 LB 0x400000 (for 1753088 allocation) 1104.bfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\VMPROGVBOX' 1104.bfc: System32: \Device\HarddiskVolume1\Windows\System32 1104.bfc: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 1104.bfc: KnownDllPath: C:\Windows\system32 1104.bfc: supR3HardenedVmProcessInit: Opening vboxdrv... 1104.bfc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1104.bfc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1104.bfc: Registered Dll notification callback with NTDLL. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06350000 LB 0x0010f000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06970000 LB 0x0013a000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\KERNEL32.DLL' 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ff707bd0000 LB 0x0012c000 F:\VMPROGVBOX\VirtualBox.exe [fFlags=0x0] 1104.bfc: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe 1104.bfc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc09408ec0 pvNtTerminateThread=00007ffc09481700 12dc.1bfc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms. 1104.bfc: \SystemRoot\System32\ntdll.dll: 1104.bfc: CreationTime: 2015-10-13T23:34:31.183173000Z 1104.bfc: LastWriteTime: 2015-08-07T21:40:29.476583000Z 1104.bfc: ChangeTime: 2015-10-15T01:59:38.857902000Z 1104.bfc: FileAttributes: 0x20 1104.bfc: Size: 0x1a7f48 1104.bfc: NT Headers: 0xd8 1104.bfc: Timestamp: 0x55c4c16b 1104.bfc: Machine: 0x8664 - amd64 1104.bfc: Timestamp: 0x55c4c16b 1104.bfc: Image Version: 6.3 1104.bfc: SizeOfImage: 0x1ac000 (1753088) 1104.bfc: Resource Dir: 0x148000 LB 0x62450 1104.bfc: ProductName: Microsoft® Windows® Operating System 1104.bfc: ProductVersion: 6.3.9600.18007 1104.bfc: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612) 1104.bfc: FileDescription: NT Layer DLL 1104.bfc: \SystemRoot\System32\kernel32.dll: 1104.bfc: CreationTime: 2014-05-21T01:47:27.273618800Z 1104.bfc: LastWriteTime: 2014-03-20T04:19:59.915412000Z 1104.bfc: ChangeTime: 2015-10-15T02:02:00.089022700Z 1104.bfc: FileAttributes: 0x20 1104.bfc: Size: 0x13b3c0 1104.bfc: NT Headers: 0xe8 1104.bfc: Timestamp: 0x532a419c 1104.bfc: Machine: 0x8664 - amd64 1104.bfc: Timestamp: 0x532a419c 1104.bfc: Image Version: 6.3 1104.bfc: SizeOfImage: 0x13a000 (1286144) 1104.bfc: Resource Dir: 0x12a000 LB 0x520 1104.bfc: ProductName: Microsoft® Windows® Operating System 1104.bfc: ProductVersion: 6.3.9600.17056 1104.bfc: FileVersion: 6.3.9600.17056 (winblue_gdr.140319-1520) 1104.bfc: FileDescription: Windows NT BASE API Client DLL 1104.bfc: \SystemRoot\System32\KernelBase.dll: 1104.bfc: CreationTime: 2014-10-18T01:10:00.581170500Z 1104.bfc: LastWriteTime: 2014-08-16T03:58:45.372065200Z 1104.bfc: ChangeTime: 2015-10-15T02:02:00.635897700Z 1104.bfc: FileAttributes: 0x20 1104.bfc: Size: 0x10f9c0 1104.bfc: NT Headers: 0xf0 1104.bfc: Timestamp: 0x53eebf2e 1104.bfc: Machine: 0x8664 - amd64 1104.bfc: Timestamp: 0x53eebf2e 1104.bfc: Image Version: 6.3 1104.bfc: SizeOfImage: 0x10f000 (1110016) 1104.bfc: Resource Dir: 0x10a000 LB 0x3528 1104.bfc: ProductName: Microsoft® Windows® Operating System 1104.bfc: ProductVersion: 6.3.9600.17278 1104.bfc: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500) 1104.bfc: FileDescription: Windows NT BASE API Client DLL 1104.bfc: \SystemRoot\System32\apisetschema.dll: 1104.bfc: CreationTime: 2013-08-22T12:13:09.745625900Z 1104.bfc: LastWriteTime: 2013-08-22T12:35:12.091034400Z 1104.bfc: ChangeTime: 2014-05-14T02:05:30.364616000Z 1104.bfc: FileAttributes: 0x20 1104.bfc: Size: 0x11360 1104.bfc: NT Headers: 0xd0 1104.bfc: Timestamp: 0x52160049 1104.bfc: Machine: 0x8664 - amd64 1104.bfc: Timestamp: 0x52160049 1104.bfc: Image Version: 6.3 1104.bfc: SizeOfImage: 0x13000 (77824) 1104.bfc: Resource Dir: 0x11000 LB 0x3f8 1104.bfc: ProductName: Microsoft® Windows® Operating System 1104.bfc: ProductVersion: 6.3.9600.16384 1104.bfc: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623) 1104.bfc: FileDescription: ApiSet Schema DLL 1104.bfc: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1104.bfc: supR3HardenedWinFindAdversaries: 0x0 1104.bfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\VMPROGVBOX' 1104.bfc: Calling main() 1104.bfc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1104.bfc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\VMPROGVBOX' 1104.bfc: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe) 1104.bfc: SUPR3HardenedMain: Final process, opening VBoxDrv... 1104.bfc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000ac0000 LB 0x400000) 1104.bfc: supR3HardNtEnableThreadCreation: 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc019c0000 LB 0x00005000 F:\VMPROGVBOX\VBoxSupLib.DLL [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc019c0000 'F:\VMPROGVBOX\VBoxSupLib.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc019c0000 'F:\VMPROGVBOX\VBoxSupLib.DLL' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc019c0000 'F:\VMPROGVBOX\VBoxSupLib.DLL' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc071e0000 LB 0x000a7000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06300000 LB 0x00012000 C:\Windows\system32\MSASN1.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc065e0000 LB 0x001df000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07b70000 LB 0x00141000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06480000 LB 0x0004c000 C:\Windows\system32\Wintrust.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\system32\Wintrust.dll' 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05d70000 LB 0x00026000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05d70000 'C:\Windows\system32\bcrypt.dll' 1104.bfc: bcrypt.dll loaded at 00007ffc05d70000, BCryptOpenAlgorithmProvider at 00007ffc05d72ce0, preloading providers: 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06080000 LB 0x00060000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06080000 'C:\Windows\system32\bcryptprimitives.dll' 1104.bfc: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000fd8ac0) 1104.bfc: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000fd8e50) 1104.bfc: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000fd8fb0) 1104.bfc: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000fd9200) 1104.bfc: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000fd9320) 1104.bfc: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000fd9a30) 1104.bfc: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000fd9b50) 1104.bfc: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000fd9c70) 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05b00000 LB 0x0001e000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05730000 LB 0x00035000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06140000 LB 0x0000a000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\CRYPT32.dll' 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07b50000 LB 0x00015000 C:\Windows\system32\imagehlp.dll [fFlags=0x0] 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntasn1.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntasn1.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05ce0000 LB 0x0003a000 C:\Windows\SYSTEM32\NTASN1.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntasn1.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05d20000 LB 0x00024000 C:\Windows\SYSTEM32\ncrypt.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\sechost.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc072f0000 LB 0x00059000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05420000 LB 0x00024000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\profapi.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06220000 LB 0x00014000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntasn1.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc09370000 LB 0x0005c000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfa2a0000 LB 0x00034000 C:\Windows\system32\cryptnet.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\System32\cryptnet.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc068c0000 LB 0x000a5000 C:\Windows\SYSTEM32\advapi32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume1\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E9D449D768A53FA106767AD8C8013AB6DCC6C8EC 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07b70000 'C:\Windows\system32\rpcrt4.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB3088195~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\SystemRoot\System32\ntdll.dll' 1104.bfc: g_pfnWinVerifyTrust=00007ffc06481040 1104.bfc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' 1104.bfc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A08496AE026B14E832621417F248DDCAECD22079 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB2984006~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0315578F0B76A9760FEA2715053C51E46A277B04 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ntasn1.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x292d758d85f9d800 C=CN, O=OSCCA, CN=ROOTCA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x78897337f320a800 C=CN, O=Alipay.com Co.,Ltd, OU=www.alipay.com, CN=ALIPAY_ROOT 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x6bd0297e6f5eb3a5 C=CN, O=Sinorail Certification Authority, CN=SRCA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x6cfe8a8d674bca10 O=Alibaba.com Corporation, OU=CA Center, CN=Alibaba.com Corporation Root CA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xcadc32c7ca6ffcfc CN=IcbcCA, O=icbc.com.cn 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xe7bda57c0ecbb00 CN=ICBC Root CA, O=Industrial and Commercial Bank of China 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x34ccc8a2de87f407 C=CN, O=CFCA Root CA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x90d31b5ab79e90f8 CN=Personal ICBC CA, O=personal.icbc.com.cn 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xad77733ff735d300 C=CN, O=CNNIC, CN=CNNIC ROOT 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware 1104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 1104.bfc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=43 1104.bfc: SUPR3HardenedMain: Load Runtime... 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\nsi.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll) WinVerifyTrust 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 000000006cca0000 LB 0x000d2000 F:\VMPROGVBOX\MSVCR100.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 000000006cc00000 LB 0x00098000 F:\VMPROGVBOX\MSVCP100.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07680000 LB 0x00009000 C:\Windows\system32\NSI.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06c30000 LB 0x00058000 C:\Windows\system32\WS2_32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbeca10000 LB 0x0055f000 F:\VMPROGVBOX\VBoxRT.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\nsi.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rescheduled] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\system32\Wintrust.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: SUPR3HardenedMain: Load TrustedMain... 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D07100D567670EB6C18EAD4F8F1561AE4F40E0A5 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\user32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmmbase.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmmbase.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\devobj.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\devobj.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_546_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\shell32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 1104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\comctl32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\combase.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\combase.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\combase.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shell32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtopenglvbox4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\QtOpenGLVBox4.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\QtOpenGLVBox4.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtguivbox4.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\opengl32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\ddraw.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\glu32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\glu32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\winspool.drv'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\winspool.drv) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\imm32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\imm32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\msctf.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msctf.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] 1104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\QtNetworkVBox4.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\QtNetworkVBox4.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtguivbox4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll [lacks WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7B21317A30D467EC23A2D5AE5A00919E81ECF45 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.dll 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtNetworkVBox4.dll 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtOpenGLVBox4.dll 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winspool.drv [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\SHCore.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\SHCore.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06c90000 LB 0x00171000 C:\Windows\system32\USER32.dll [fFlags=0x0] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07350000 LB 0x0014f000 C:\Windows\system32\GDI32.dll [fFlags=0x0] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06580000 LB 0x00009000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07ce0000 LB 0x000f4000 C:\Windows\system32\DDRAW.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc00900000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbed420000 LB 0x00121000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc074a0000 LB 0x001d6000 C:\Windows\SYSTEM32\combase.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07690000 LB 0x00194000 C:\Windows\system32\ole32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 000000006c920000 LB 0x002de000 F:\VMPROGVBOX\QtCoreVBox4.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07290000 LB 0x00051000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbf81b0000 LB 0x000a4000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\COMCTL32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07e40000 LB 0x0152b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc048a0000 LB 0x000b2000 C:\Windows\SYSTEM32\SHCORE.DLL [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\SHCore.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07830000 LB 0x0009e000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06f70000 LB 0x000c1000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06e10000 LB 0x00152000 C:\Windows\system32\MSCTF.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06ab0000 LB 0x00034000 C:\Windows\system32\IMM32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06590000 LB 0x0004a000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc062d0000 LB 0x00026000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06320000 LB 0x0002a000 C:\Windows\system32\WINMMBASE.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06460000 LB 0x0001f000 C:\Windows\system32\WINMM.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc00fe0000 LB 0x0007b000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winspool.drv [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedDllNotificationCallback: load 000000006bfb0000 LB 0x0096c000 F:\VMPROGVBOX\QtGuiVBox4.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 000000006bea0000 LB 0x00105000 F:\VMPROGVBOX\QtNetworkVBox4.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtNetworkVBox4.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 000000006bdc0000 LB 0x000dc000 F:\VMPROGVBOX\QtOpenGLVBox4.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtOpenGLVBox4.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbe6800000 LB 0x00ab9000 F:\VMPROGVBOX\VirtualBox.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.dll 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\SHCore.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\SHCore.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\msctf.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\imm32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\winspool.drv'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\glu32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\ddraw.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\combase.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\comctl32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\devobj.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rescheduled] 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll'. 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll' [rescheduled] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [redoing WinVerifyTrust] 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\imm32.dll'. 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\imm32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [redoing WinVerifyTrust] 1104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\combase.dll'. 1104.bfc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\combase.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06ab0000 'C:\Windows\system32\imm32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6800000 'F:\VMPROGVBOX\VirtualBox.dll' 1104.bfc: SUPR3HardenedMain: Calling TrustedMain (00007ffbe68010d0)... 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4235D21C52BC6FC9D5B6A7B3CE61ED85F804B2B7 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2550_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc04f90000 LB 0x00121000 C:\Windows\system32\uxtheme.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005e8 pwszName=\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BB6CE930E60AA7DCEEF33C348F26E17010A36E3 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_218_for_KB2967917~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'combase.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\combase.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbf92b0000 LB 0x00098000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf92b0000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc046d0000 LB 0x00020000 C:\Windows\system32\dwmapi.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc050e0000 LB 0x0000a000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc068c0000 'C:\Windows\system32\advapi32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\userenv.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05a80000 LB 0x0001e000 C:\Windows\system32\userenv.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05a80000 'C:\Windows\system32\userenv.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll) 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06810000 LB 0x000a4000 C:\Windows\SYSTEM32\clbcatq.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\clbcatq.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'. 1104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 1104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 1104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'. 1104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. 1104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 1104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 1104.1c54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxC.dll) WinVerifyTrust 1104.1c54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxC.dll 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1104.1c54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1104.1c54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1104.1c54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 1104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1104.1c54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\version.dll) WinVerifyTrust 1104.1c54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008] 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1c54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\psapi.dll) WinVerifyTrust 1104.1c54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\psapi.dll 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008] 1104.1c54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.1c54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll 1104.1c54: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.1c54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxC.dll 1104.1c54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll 1104.1c54: supR3HardenedDllNotificationCallback: load 00007ffc093e0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0] 1104.1c54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\psapi.dll 1104.1c54: supR3HardenedDllNotificationCallback: load 00007ffc03840000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0] 1104.1c54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll 1104.1c54: supR3HardenedDllNotificationCallback: load 00007ffbebcb0000 LB 0x005d6000 F:\VMPROGVBOX\VBoxC.dll [fFlags=0x0] 1104.1c54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxC.dll 1104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebcb0000 'F:\VMPROGVBOX\VBoxC.dll' 1104.1c54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1104.1c54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\System32\oleaut32.dll' 1104.1c54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sxs.dll) 1104.1c54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sxs.dll 1104.1c54: supR3HardenedDllNotificationCallback: load 00007ffc06150000 LB 0x00097000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0] 1104.1c54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sxs.dll [avoiding WinVerifyTrust] 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006f8 pwszName=\Device\HarddiskVolume1\Windows\System32\sxs.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=687F47861CE02066FB64E8228B3C4D091FA20854 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume1\Windows\System32\sxs.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sxs.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\system32\OLEAUT32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07350000 'C:\Windows\system32\gdi32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07690000 'C:\Windows\system32\ole32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (Input=msctf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06e10000 'C:\Windows\system32\msctf.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b2c pwszName=\Device\HarddiskVolume1\Windows\System32\oleacc.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09E7155C8658B38B921127B3251B1D38588DF5C8 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleacc.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleacc.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleacc.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleacc.dll (Input=oleacc.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleacc.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc03850000 LB 0x00063000 C:\Windows\system32\oleacc.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleacc.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03850000 'C:\Windows\system32\oleacc.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\system32\OLEAUT32.DLL' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleacc.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03850000 'C:\Windows\system32\oleacc.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qtguivbox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtguivbox4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfbe60000 LB 0x0003b000 F:\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfbe60000 'F:\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06e10000 'C:\Windows\system32\MSCTF.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07690000 'C:\Windows\system32\ole32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\system32\OLEAUT32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b1c pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7236FDED02E3449B6CA92FB6E4246EBF9068E8BF 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_110_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b24 pwszName=\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8CF4605B4B026F3426876C8B971F3B65D680FCA 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfd3d0000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfd3b0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06350000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfd3b0000 'C:\Windows\system32\wbem\wbemprox.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b90 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAF9F72D1022230646E0EDB101D9050122FBB222 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_110_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfce10000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfce10000 'C:\Windows\system32\wbem\wbemsvc.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06350000 'api-ms-win-core-localization-l1-2-0.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06350000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf0 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F29F8F4F858A7AFDF4CD047A78948C26E8333B6 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 1104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll) WinVerifyTrust 1104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll 1104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfce30000 LB 0x000e4000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfce30000 'C:\Windows\system32\wbem\fastprox.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\system32\OLEAUT32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' [redir] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll [redoing WinVerifyTrust] 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6522FA6F02EF4787F28DA6C27054084E2173E41 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' 1104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf81b0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07690000 'C:\Windows\system32\ole32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf92b0000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll' 1104.1bcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 1104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1104.1bcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll) WinVerifyTrust 1104.1bcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrem.dll' [rcNtRedir=0xc0150008] 1104.1bcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 1104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 1104.1bcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxREM.dll) WinVerifyTrust 1104.1bcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxREM.dll 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxvmm.dll' [rcNtRedir=0xc0150008] 1104.1bcc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.1bcc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1bcc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll 1104.1bcc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxREM.dll 1104.1bcc: supR3HardenedDllNotificationCallback: load 000000006bcb0000 LB 0x0010a000 F:\VMPROGVBOX\VBoxREM.dll [fFlags=0x0] 1104.1bcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxREM.dll 1104.1bcc: supR3HardenedDllNotificationCallback: load 00007ffbe6560000 LB 0x00293000 F:\VMPROGVBOX\VBoxVMM.DLL [fFlags=0x0] 1104.1bcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll 1104.1bcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6560000 'F:\VMPROGVBOX\VBoxVMM.DLL' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys) 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust] 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys) 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust] 1104.12a8: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys) 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust] 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys) 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008] 1104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'. 1104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys) 1104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\netio.sys 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 1104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'. 1104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys) 1104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'hal.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ci.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msrpc.sys'. 1104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe) 1104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys' 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume1\Windows\System32\ci.dll' [rcNtRedir=0xc0150008] 1104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\ci.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ci.dll) 1104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ci.dll 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume1\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008] 1104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\kdcom.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 1104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kdcom.dll) 1104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kdcom.dll 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume1\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008] 1104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL) 1104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\hal.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'. 1104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\hal.dll) 1104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\hal.dll 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume1\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008] 1104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\PSHED.DLL'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 1104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\PSHED.DLL) 1104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\PSHED.DLL 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008] 1104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys) 1104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume1\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\PSHED.DLL [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume1\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kdcom.dll [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\PSHED.DLL' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\hal.dll' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kdcom.dll' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ci.dll' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys' 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedClipboard.dll) WinVerifyTrust 1104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedClipboard.dll 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxvmm.dll' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedClipboard.dll 1104.1dd4: supR3HardenedDllNotificationCallback: load 00007ffc00a30000 LB 0x0000a000 F:\VMPROGVBOX\VBoxSharedClipboard.DLL [fFlags=0x0] 1104.1dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedClipboard.dll 1104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00a30000 'F:\VMPROGVBOX\VBoxSharedClipboard.DLL' 1104.1d08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1104.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1104.1d08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxDragAndDropSvc.dll) WinVerifyTrust 1104.1d08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxDragAndDropSvc.dll 1104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008] 1104.1d08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll 1104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.1d08: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDragAndDropSvc.dll 1104.1d08: supR3HardenedDllNotificationCallback: load 00007ffc008f0000 LB 0x0000d000 F:\VMPROGVBOX\VBoxDragAndDropSvc.DLL [fFlags=0x0] 1104.1d08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDragAndDropSvc.dll 1104.1d08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc008f0000 'F:\VMPROGVBOX\VBoxDragAndDropSvc.DLL' 1104.1fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.1fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1104.1fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1104.1fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestPropSvc.dll) WinVerifyTrust 1104.1fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestPropSvc.dll 1104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008] 1104.1fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll 1104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.1fb4: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestPropSvc.dll 1104.1fb4: supR3HardenedDllNotificationCallback: load 00007ffc008e0000 LB 0x0000f000 F:\VMPROGVBOX\VBoxGuestPropSvc.DLL [fFlags=0x0] 1104.1fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestPropSvc.dll 1104.1fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc008e0000 'F:\VMPROGVBOX\VBoxGuestPropSvc.DLL' 1104.1fc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.1fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1104.1fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1104.1fc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestControlSvc.dll) WinVerifyTrust 1104.1fc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestControlSvc.dll 1104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008] 1104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.1fc0: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1fc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestControlSvc.dll 1104.1fc0: supR3HardenedDllNotificationCallback: load 00007ffc008d0000 LB 0x0000e000 F:\VMPROGVBOX\VBoxGuestControlSvc.DLL [fFlags=0x0] 1104.1fc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestControlSvc.dll 1104.1fc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc008d0000 'F:\VMPROGVBOX\VBoxGuestControlSvc.DLL' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32/Shell32.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxDD.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] 1104.12a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\winnsi.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winnsi.dll) 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winnsi.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll [lacks WinVerifyTrust] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll [lacks WinVerifyTrust] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxdd2.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxDD2.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD2.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxddu.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxvmm.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxDDU.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxDDU.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxvmm.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume1\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cf8 pwszName=\Device\HarddiskVolume1\Windows\System32\newdev.dll 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EAD431E57FCC787ED701559E9AF2ACC33D2DCED0 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1722_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume1\Windows\System32\newdev.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\newdev.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\newdev.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume1\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD.dll 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDDU.dll 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD2.dll 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\newdev.dll 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll [avoiding WinVerifyTrust] 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\devrtl.dll) 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devrtl.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc07970000 LB 0x001d4000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbfd200000 LB 0x00014000 C:\Windows\SYSTEM32\devrtl.DLL [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\devrtl.dll [avoiding WinVerifyTrust] 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbf2840000 LB 0x00054000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\newdev.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbf1620000 LB 0x00061000 F:\VMPROGVBOX\VBoxDDU.dll [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDDU.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbf9900000 LB 0x00035000 F:\VMPROGVBOX\VBoxDD2.dll [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD2.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc01090000 LB 0x0000a000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll [avoiding WinVerifyTrust] 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc010a0000 LB 0x00029000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbe5c70000 LB 0x008e2000 F:\VMPROGVBOX\VBoxDD.DLL [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5c70000 'F:\VMPROGVBOX/VBoxDD.DLL' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e38 pwszName=\Device\HarddiskVolume1\Windows\System32\devrtl.dll 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6059B260D211680DF083154CCCE38DE8412914CF 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-Base-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\devrtl.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.12a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devrtl.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\winnsi.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxC.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebcb0000 'F:\VMPROGVBOX/VBoxC.DLL' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD2.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9900000 'F:\VMPROGVBOX/VBoxDD2.DLL' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1df8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1104.1df8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1104.1df8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1104.1df8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedFolders.dll) WinVerifyTrust 1104.1df8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedFolders.dll 1104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008] 1104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxvmm.dll' [rcNtRedir=0xc0150008] 1104.1df8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll 1104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008] 1104.1df8: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1df8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedFolders.dll 1104.1df8: supR3HardenedDllNotificationCallback: load 00007ffbff890000 LB 0x0000d000 F:\VMPROGVBOX\VBoxSharedFolders.DLL [fFlags=0x0] 1104.1df8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedFolders.dll 1104.1df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbff890000 'F:\VMPROGVBOX\VBoxSharedFolders.DLL' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc010a0000 'C:\Windows\system32/Iphlpapi.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll) 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc004f0000 LB 0x00014000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust] 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll) 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc004d0000 LB 0x00019000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust] 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f34 pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E8A5C503120A11AEA21658FF24E56CA6FD0F29 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll [lacks WinVerifyTrust] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_198_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.12a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f28 pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F1462D922EF889F4B0A9FD14B2DFE30CDCB183D5 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_198_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.12a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fb8 pwszName=\Device\HarddiskVolume1\Windows\System32\dsound.dll 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ADB542ACB56917DACFC9792CAC57CDEED29A58E5 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\dsound.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dsound.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dsound.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume1\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\powrprof.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\powrprof.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc067c0000 LB 0x00045000 C:\Windows\system32\POWRPROF.dll [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc078e0000 LB 0x00087000 C:\Windows\system32\dsound.dll [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc078e0000 'C:\Windows\system32\dsound.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc078e0000 'C:\Windows\system32/dsound.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll [redoing WinVerifyTrust] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devobj.dll' 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc04290000 LB 0x00062000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04290000 'C:\Windows\System32\MMDevApi.dll' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04290000 'C:\Windows\system32\MMDEVAPI.DLL' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fa8 pwszName=\Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A1CBABB000F9496EAA31F2C938BD998B09CAF0CC 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\wdmaud.drv' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'mmdevapi.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'winmm.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'avrt.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wdmaud.drv) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\avrt.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\avrt.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume1\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ksuser.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ksuser.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc021a0000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc03a10000 LB 0x0000b000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbf28a0000 LB 0x0003c000 C:\Windows\system32\wdmaud.drv [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'mmdevapi.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\AudioSes.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\AudioSes.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc00d30000 LB 0x0007e000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00d30000 'C:\Windows\system32\AUDIOSES.DLL' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f38 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.drv 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0FA85EFCB35F052852A205B01E87BA502D7D932 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.drv' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.drv) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbf8580000 LB 0x0001b000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc00bb0000 LB 0x0000b000 C:\Windows\system32\msacm32.drv [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001030 pwszName=\Device\HarddiskVolume1\Windows\System32\midimap.dll 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BADF8E473237389086DF46C97735398789C3969 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\midimap.dll' 1104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'. 1104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\midimap.dll) WinVerifyTrust 1104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\midimap.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll 1104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc00ba0000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0] 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00ba0000 'C:\Windows\system32\midimap.dll' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00ba0000 'C:\Windows\system32\midimap.dll' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00ba0000 'C:\Windows\system32\midimap.dll' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00ba0000 'C:\Windows\system32\midimap.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll' 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc078e0000 'C:\Windows\System32\dsound.dll' 1104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32/kernel32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll' 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll' 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'combase.dll'. 1104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\propsys.dll) 1104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\propsys.dll 1104.1d20: supR3HardenedDllNotificationCallback: load 00007ffc024c0000 LB 0x0016f000 C:\Windows\SYSTEM32\PROPSYS.dll [fFlags=0x0] 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll [avoiding WinVerifyTrust] 1104.1d20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) 1104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll 1104.1d20: supR3HardenedDllNotificationCallback: load 00007ffc04e70000 LB 0x0008e000 C:\Windows\SYSTEM32\apphelp.dll [fFlags=0x0] 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [avoiding WinVerifyTrust] 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b4 pwszName=\Device\HarddiskVolume1\Windows\System32\apphelp.dll 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=42E26D076286ECAAC1729250540377F2004F5DC1 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3061468~31bf3856ad364e35~amd64~~6.3.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\apphelp.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.1d20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\apphelp.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1d20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\propsys.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010dc pwszName=\Device\HarddiskVolume1\Windows\System32\ieframe.dll 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C2A45C4287ADEBDF19D2AE4AC8A1FDA79836EF40 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_97_for_KB3093983~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\ieframe.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'user32.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'shell32.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'iertutil.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 1104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ieframe.dll) WinVerifyTrust 1104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ieframe.dll 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume1\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000780 pwszName=\Device\HarddiskVolume1\Windows\System32\iertutil.dll 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B0507770B598270615A8825D49D347D98E09273A 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_43_for_KB3093983~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\iertutil.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\iertutil.dll) WinVerifyTrust 1104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\iertutil.dll 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [redoing WinVerifyTrust] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1d20: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ieframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ieframe.dll 1104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\iertutil.dll 1104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbff0b0000 LB 0x002c7000 C:\Windows\System32\iertutil.dll [fFlags=0x0] 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\iertutil.dll 1104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbf4790000 LB 0x00dd0000 C:\Windows\System32\ieframe.dll [fFlags=0x0] 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ieframe.dll 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll' 1104.1d20: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'. 1104.1d20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll) 1104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll [avoiding WinVerifyTrust] 1104.1d20: supR3HardenedDllNotificationCallback: load 00007ffc04450000 LB 0x0027a000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll [fFlags=0x0] 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll [avoiding WinVerifyTrust] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04450000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll' 1104.1d20: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll'. 1104.1d20: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll' [rescheduled] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4790000 'C:\Windows\System32\ieframe.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-ole32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc074a0000 'api-ms-win-downlevel-ole32-l1-1-0.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001090 pwszName=\Device\HarddiskVolume1\Windows\System32\urlmon.dll 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8C1D7858B488E39E5A1988933DBF8338E352786 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_43_for_KB3093983~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\urlmon.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'iertutil.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'wininet.dll'. 1104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\urlmon.dll) WinVerifyTrust 1104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\urlmon.dll 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wininet.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'wininet.dll' -> '\Device\HarddiskVolume1\Windows\System32\wininet.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001108 pwszName=\Device\HarddiskVolume1\Windows\System32\wininet.dll 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4799DC1AF5A3E28200E5971A5670E15D1C4AB14 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_43_for_KB3093983~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\wininet.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'iertutil.dll'. 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'userenv.dll'. 1104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wininet.dll) WinVerifyTrust 1104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wininet.dll 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume1\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\iertutil.dll 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume1\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\iertutil.dll 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\urlmon.dll (Input=urlmon.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\urlmon.dll 1104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wininet.dll 1104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbfee40000 LB 0x00269000 C:\Windows\SYSTEM32\WININET.dll [fFlags=0x0] 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wininet.dll 1104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbff380000 LB 0x00185000 C:\Windows\system32\urlmon.dll [fFlags=0x0] 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\urlmon.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-advapi32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06350000 'api-ms-win-downlevel-advapi32-l1-1-0.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc068c0000 'C:\Windows\system32\ADVAPI32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbff380000 'C:\Windows\system32\urlmon.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-shlwapi-l2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc048a0000 'api-ms-win-downlevel-shlwapi-l2-1-0.dll' 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\PROPSYS.dll (Input=PROPSYS.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc024c0000 'C:\Windows\system32\PROPSYS.dll' 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc024c0000 'C:\Windows\system32\propsys.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001164 pwszName=\Device\HarddiskVolume1\Windows\System32\secur32.dll 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F36B2FD292403B29FD567D7FABB5A9F3636DF3BB 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-ds~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\secur32.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\secur32.dll) WinVerifyTrust 1104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\secur32.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Secur32.dll (Input=Secur32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\secur32.dll 1104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbfc9f0000 LB 0x0000b000 C:\Windows\system32\Secur32.dll [fFlags=0x0] 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\secur32.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfc9f0000 'C:\Windows\system32\Secur32.dll' 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 1104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\sspicli.dll) 1104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sspicli.dll 1104.1d20: supR3HardenedDllNotificationCallback: load 00007ffc06050000 LB 0x0002b000 C:\Windows\SYSTEM32\SSPICLI.DLL [fFlags=0x0] 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sspicli.dll [avoiding WinVerifyTrust] 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1d20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sspicli.dll' 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sspicli.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\sspicli.dll (Input=sspicli.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06050000 'C:\Windows\system32\sspicli.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011cc pwszName=\Device\HarddiskVolume1\Windows\System32\mlang.dll 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=98B5A0A95340E85B87AC8033FC6CA9A5D5AB70A2 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\mlang.dll' 1104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mlang.dll) WinVerifyTrust 1104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mlang.dll 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MLANG.dll (Input=MLANG.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mlang.dll 1104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbeea10000 LB 0x0003b000 C:\Windows\system32\MLANG.dll [fFlags=0x0] 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mlang.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeea10000 'C:\Windows\system32\MLANG.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\system32\OLEAUT32.dll' 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wininet.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WININET.dll (Input=WININET.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfee40000 'C:\Windows\system32\WININET.dll' 1104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\secur32.dll 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Secur32.dll (Input=Secur32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfc9f0000 'C:\Windows\system32\Secur32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\SHELL32.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-ole32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc074a0000 'api-ms-win-downlevel-ole32-l1-1-0.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-advapi32-l2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc072f0000 'api-ms-win-downlevel-advapi32-l2-1-0.dll' 1104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll' 1104.1d20: supHardenedWinVerifyImageByHandle: -> -615 (\Device\HarddiskVolume4\Program Files\360se6\Application\360se.exe) 1104.1d20: Error (rc=0): 1104.1d20: supR3HardenedScreenImage/NtCreateSection: rc=Unknown Status -615 (0xfffffd99) fImage=1 fProtect=0xf0005 fAccess=0x2 \Device\HarddiskVolume4\Program Files\360se6\Application\360se.exe: 1104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\360se6\Application\360se.exe 1104.1d20: supR3HardenedDllNotificationCallback: Unload 00007ffbf4790000 LB 0x00dd0000 C:\Windows\System32\ieframe.dll [flags=0x0] 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (Input=msctf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06e10000 'C:\Windows\system32\msctf.dll' 1104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll 1104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (Input=msctf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 1104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06e10000 'C:\Windows\system32\msctf.dll' 1104.1df0: '\Device\HarddiskVolume1\Windows\System32\tzres.dll' has no imports 1104.1df0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\tzres.dll) 1104.1df0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\tzres.dll 1104.1df0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\tzres.dll [avoiding WinVerifyTrust] 1104.1df8: supR3HardenedDllNotificationCallback: Unload 00007ffbff890000 LB 0x0000d000 F:\VMPROGVBOX\VBoxSharedFolders.DLL [flags=0x0] 1104.1fc0: supR3HardenedDllNotificationCallback: Unload 00007ffc008d0000 LB 0x0000e000 F:\VMPROGVBOX\VBoxGuestControlSvc.DLL [flags=0x0] 1104.1fb4: supR3HardenedDllNotificationCallback: Unload 00007ffc008e0000 LB 0x0000f000 F:\VMPROGVBOX\VBoxGuestPropSvc.DLL [flags=0x0] 1104.1d08: supR3HardenedDllNotificationCallback: Unload 00007ffc008f0000 LB 0x0000d000 F:\VMPROGVBOX\VBoxDragAndDropSvc.DLL [flags=0x0] 1104.1dd4: supR3HardenedDllNotificationCallback: Unload 00007ffc00a30000 LB 0x0000a000 F:\VMPROGVBOX\VBoxSharedClipboard.DLL [flags=0x0] 1104.12a8: supR3HardenedDllNotificationCallback: Unload 00007ffbe5c70000 LB 0x008e2000 F:\VMPROGVBOX\VBoxDD.DLL [flags=0x0] 1104.12a8: supR3HardenedDllNotificationCallback: Unload 00007ffbf1620000 LB 0x00061000 F:\VMPROGVBOX\VBoxDDU.dll [flags=0x0] 1104.12a8: supR3HardenedDllNotificationCallback: Unload 00007ffbf2840000 LB 0x00054000 C:\Windows\SYSTEM32\newdev.dll [flags=0x0] 1104.12a8: supR3HardenedDllNotificationCallback: Unload 00007ffbfd200000 LB 0x00014000 C:\Windows\SYSTEM32\devrtl.DLL [flags=0x0] 1104.12a8: supR3HardenedDllNotificationCallback: Unload 00007ffbf9900000 LB 0x00035000 F:\VMPROGVBOX\VBoxDD2.dll [flags=0x0] 1104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffbfce30000 LB 0x000e4000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0] 1104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffbfce10000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0] 1104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffbfd3b0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0] 1104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffbfd3d0000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0] 1104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffbebcb0000 LB 0x005d6000 F:\VMPROGVBOX\VBoxC.dll [flags=0x0] 1104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffc093e0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [flags=0x0] 1104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffc03840000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [flags=0x0] 1104.bfc: Terminating the normal way: rcExit=0 12dc.1bfc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 46959 ms, the end); 1f34.1930: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 47417 ms, the end);