16e4.2678: Log file opened: 5.0.26r108824 g_hStartupLog=0000000000000090 g_uNtVerCombined=0xa0295a00 16e4.2678: \SystemRoot\System32\ntdll.dll: 16e4.2678: CreationTime: 2016-08-26T10:18:33.398022200Z 16e4.2678: LastWriteTime: 2016-04-23T05:24:28.464629900Z 16e4.2678: ChangeTime: 2016-08-29T08:36:32.121899100Z 16e4.2678: FileAttributes: 0x20 16e4.2678: Size: 0x1bc248 16e4.2678: NT Headers: 0xe0 16e4.2678: Timestamp: 0x571af2eb 16e4.2678: Machine: 0x8664 - amd64 16e4.2678: Timestamp: 0x571af2eb 16e4.2678: Image Version: 10.0 16e4.2678: SizeOfImage: 0x1c1000 (1839104) 16e4.2678: Resource Dir: 0x159000 LB 0x66218 16e4.2678: ProductName: Microsoft® Windows® Operating System 16e4.2678: ProductVersion: 10.0.10586.306 16e4.2678: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850) 16e4.2678: FileDescription: NT Layer DLL 16e4.2678: \SystemRoot\System32\kernel32.dll: 16e4.2678: CreationTime: 2015-10-30T07:17:46.221743200Z 16e4.2678: LastWriteTime: 2015-10-30T07:17:46.221743200Z 16e4.2678: ChangeTime: 2016-08-10T16:23:29.865203500Z 16e4.2678: FileAttributes: 0x20 16e4.2678: Size: 0xac430 16e4.2678: NT Headers: 0xf0 16e4.2678: Timestamp: 0x5632d5aa 16e4.2678: Machine: 0x8664 - amd64 16e4.2678: Timestamp: 0x5632d5aa 16e4.2678: Image Version: 10.0 16e4.2678: SizeOfImage: 0xad000 (708608) 16e4.2678: Resource Dir: 0xab000 LB 0x528 16e4.2678: ProductName: Microsoft® Windows® Operating System 16e4.2678: ProductVersion: 10.0.10586.0 16e4.2678: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 16e4.2678: FileDescription: Windows NT BASE API Client DLL 16e4.2678: \SystemRoot\System32\KernelBase.dll: 16e4.2678: CreationTime: 2016-08-26T10:15:58.917701600Z 16e4.2678: LastWriteTime: 2016-07-01T04:49:21.864958900Z 16e4.2678: ChangeTime: 2016-08-29T08:36:28.250157000Z 16e4.2678: FileAttributes: 0x20 16e4.2678: Size: 0x1e7a10 16e4.2678: NT Headers: 0xf0 16e4.2678: Timestamp: 0x5775e4c5 16e4.2678: Machine: 0x8664 - amd64 16e4.2678: Timestamp: 0x5775e4c5 16e4.2678: Image Version: 10.0 16e4.2678: SizeOfImage: 0x1e8000 (1998848) 16e4.2678: Resource Dir: 0x1d1000 LB 0x548 16e4.2678: ProductName: Microsoft® Windows® Operating System 16e4.2678: ProductVersion: 10.0.10586.494 16e4.2678: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736) 16e4.2678: FileDescription: Windows NT BASE API Client DLL 16e4.2678: \SystemRoot\System32\apisetschema.dll: 16e4.2678: CreationTime: 2015-10-30T07:17:57.502957900Z 16e4.2678: LastWriteTime: 2015-10-30T07:17:57.502957900Z 16e4.2678: ChangeTime: 2016-08-10T16:23:15.880826600Z 16e4.2678: FileAttributes: 0x20 16e4.2678: Size: 0x16d60 16e4.2678: NT Headers: 0xc8 16e4.2678: Timestamp: 0x5632d94c 16e4.2678: Machine: 0x8664 - amd64 16e4.2678: Timestamp: 0x5632d94c 16e4.2678: Image Version: 10.0 16e4.2678: SizeOfImage: 0x18000 (98304) 16e4.2678: Resource Dir: 0x17000 LB 0x400 16e4.2678: ProductName: Microsoft® Windows® Operating System 16e4.2678: ProductVersion: 10.0.10586.0 16e4.2678: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 16e4.2678: FileDescription: ApiSet Schema DLL 16e4.2678: NtOpenDirectoryObject failed on \Driver: 0xc0000022 16e4.2678: supR3HardenedWinFindAdversaries: 0x10083 16e4.2678: \SystemRoot\System32\drivers\SysPlant.sys: 16e4.2678: CreationTime: 2015-09-09T09:54:34.896250000Z 16e4.2678: LastWriteTime: 2016-08-09T23:42:50.554114600Z 16e4.2678: ChangeTime: 2016-08-10T07:50:39.586208600Z 16e4.2678: FileAttributes: 0x20 16e4.2678: Size: 0x2b9a8 16e4.2678: NT Headers: 0x100 16e4.2678: Timestamp: 0x576a282d 16e4.2678: Machine: 0x8664 - amd64 16e4.2678: Timestamp: 0x576a282d 16e4.2678: Image Version: 5.0 16e4.2678: SizeOfImage: 0x30000 (196608) 16e4.2678: Resource Dir: 0x2e000 LB 0x498 16e4.2678: ProductName: Symantec CMC Firewall 16e4.2678: ProductVersion: 12.1.7004.6500 16e4.2678: FileVersion: 12.1.7004.6500 16e4.2678: FileDescription: Symantec CMC Firewall SysPlant 16e4.2678: \SystemRoot\System32\sysfer.dll: 16e4.2678: CreationTime: 2015-09-09T09:54:34.865000000Z 16e4.2678: LastWriteTime: 2016-08-09T23:42:50.554114600Z 16e4.2678: ChangeTime: 2016-08-10T07:50:39.476826700Z 16e4.2678: FileAttributes: 0x20 16e4.2678: Size: 0x73728 16e4.2678: NT Headers: 0xf0 16e4.2678: Timestamp: 0x576a2837 16e4.2678: Machine: 0x8664 - amd64 16e4.2678: Timestamp: 0x576a2837 16e4.2678: Image Version: 0.0 16e4.2678: SizeOfImage: 0x89000 (561152) 16e4.2678: Resource Dir: 0x87000 LB 0x630 16e4.2678: ProductName: Symantec CMC Firewall 16e4.2678: ProductVersion: 12.1.7004.6500 16e4.2678: FileVersion: 12.1.7004.6500 16e4.2678: FileDescription: Symantec CMC Firewall sysfer 16e4.2678: \SystemRoot\System32\drivers\symevent64x86.sys: 16e4.2678: CreationTime: 2015-09-09T09:56:55.630625000Z 16e4.2678: LastWriteTime: 2016-08-09T20:56:59.539835600Z 16e4.2678: ChangeTime: 2016-08-10T07:50:39.586208600Z 16e4.2678: FileAttributes: 0x20 16e4.2678: Size: 0x2b8d8 16e4.2678: NT Headers: 0xe8 16e4.2678: Timestamp: 0x54b87d44 16e4.2678: Machine: 0x8664 - amd64 16e4.2678: Timestamp: 0x54b87d44 16e4.2678: Image Version: 6.0 16e4.2678: SizeOfImage: 0x38000 (229376) 16e4.2678: Resource Dir: 0x36000 LB 0x3c8 16e4.2678: ProductName: SYMEVENT 16e4.2678: ProductVersion: 12.9.6.12 16e4.2678: FileVersion: 12.9.6.12 16e4.2678: FileDescription: Symantec Event Library 16e4.2678: \SystemRoot\System32\drivers\MBAMSwissArmy.sys: 16e4.2678: CreationTime: 2016-08-09T10:33:46.189526500Z 16e4.2678: LastWriteTime: 2016-08-09T10:33:46.189526500Z 16e4.2678: ChangeTime: 2016-08-10T07:50:39.554949000Z 16e4.2678: FileAttributes: 0x20 16e4.2678: Size: 0x2eed8 16e4.2678: NT Headers: 0xe0 16e4.2678: Timestamp: 0x55b855d9 16e4.2678: Machine: 0x8664 - amd64 16e4.2678: Timestamp: 0x55b855d9 16e4.2678: Image Version: 6.1 16e4.2678: SizeOfImage: 0x33000 (208896) 16e4.2678: Resource Dir: 0x31000 LB 0x3b8 16e4.2678: ProductName: Malwarebytes Anti-Malware 16e4.2678: ProductVersion: 0.3.0.0 16e4.2678: FileVersion: 0.3.0.0 16e4.2678: FileDescription: Malwarebytes Anti-Malware 16e4.2678: \SystemRoot\System32\drivers\PGDriver.sys: 16e4.2678: CreationTime: 2016-06-11T13:24:48.451200100Z 16e4.2678: LastWriteTime: 2015-09-07T15:05:44.000000000Z 16e4.2678: ChangeTime: 2016-08-10T07:50:39.570548900Z 16e4.2678: FileAttributes: 0x20 16e4.2678: Size: 0x5580 16e4.2678: NT Headers: 0xf8 16e4.2678: Timestamp: 0x55eda61c 16e4.2678: Machine: 0x8664 - amd64 16e4.2678: Timestamp: 0x55eda61c 16e4.2678: Image Version: 6.3 16e4.2678: SizeOfImage: 0xa000 (40960) 16e4.2678: Resource Dir: 0x8000 LB 0x420 16e4.2678: ProductName: Avecto Defendpoint 16e4.2678: ProductVersion: 4.0.349.0 16e4.2678: FileVersion: 4.0.349.0 16e4.2678: SpecialBuild: D 16e4.2678: FileDescription: Defendpoint Driver 16e4.2678: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 16e4.2678: Calling main() 16e4.2678: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 16e4.2678: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 16e4.2678: SUPR3HardenedMain: Respawn #1 16e4.2678: System32: \Device\HarddiskVolume2\Windows\System32 16e4.2678: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 16e4.2678: KnownDllPath: C:\WINDOWS\system32 16e4.2678: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 16e4.2678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 16e4.2678: supR3HardNtEnableThreadCreation: 16e4.2678: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff857536d50 pvNtTerminateThread=00007ff857565b30 16e4.2678: supR3HardenedWinDoReSpawn(1): New child 28d0.1a84 [kernel32]. 16e4.2678: supR3HardNtChildGatherData: PebBaseAddress=000000000116b000 cbPeb=0x388 16e4.2678: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8574c0000 uNtDllChildAddr=00007ff8574c0000 16e4.2678: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff857536d50 16e4.2678: supR3HardenedWinSetupChildInit: Start child. 16e4.2678: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 16e4.2678: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 61 sleeps 16e4.2678: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 16e4.2678: *0000000000000000-ffffffffff17ffff 0x0001/0x0000 0x0000000 16e4.2678: *0000000000e80000-0000000000e5ffff 0x0004/0x0004 0x0020000 16e4.2678: *0000000000ea0000-0000000000e8afff 0x0002/0x0002 0x0040000 16e4.2678: 0000000000eb5000-0000000000ea9fff 0x0001/0x0000 0x0000000 16e4.2678: *0000000000ec0000-0000000000dc4fff 0x0000/0x0004 0x0020000 16e4.2678: 0000000000fbb000-0000000000fb7fff 0x0104/0x0004 0x0020000 16e4.2678: 0000000000fbe000-0000000000fbbfff 0x0004/0x0004 0x0020000 16e4.2678: *0000000000fc0000-0000000000fbbfff 0x0002/0x0002 0x0040000 16e4.2678: 0000000000fc4000-0000000000fb7fff 0x0001/0x0000 0x0000000 16e4.2678: *0000000000fd0000-0000000000fcdfff 0x0004/0x0004 0x0020000 16e4.2678: 0000000000fd2000-0000000000fc3fff 0x0001/0x0000 0x0000000 16e4.2678: *0000000000fe0000-0000000000fdefff 0x0004/0x0004 0x0020000 16e4.2678: 0000000000fe1000-0000000000fc1fff 0x0001/0x0000 0x0000000 16e4.2678: *0000000001000000-0000000000e94fff 0x0000/0x0004 0x0020000 16e4.2678: 000000000116b000-0000000001167fff 0x0004/0x0004 0x0020000 16e4.2678: 000000000116e000-00000000010dbfff 0x0000/0x0004 0x0020000 16e4.2678: 0000000001200000-ffffffff8241ffff 0x0001/0x0000 0x0000000 16e4.2678: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 16e4.2678: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 16e4.2678: 000000007fff0000-ffff800a7275ffff 0x0001/0x0000 0x0000000 16e4.2678: *00007ff68d880000-00007ff68d85cfff 0x0002/0x0002 0x0040000 16e4.2678: 00007ff68d8a3000-00007ff68cc35fff 0x0001/0x0000 0x0000000 16e4.2678: *00007ff68e510000-00007ff68e510fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e511000-00007ff68e580fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e581000-00007ff68e581fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e582000-00007ff68e5c6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e5c7000-00007ff68e5c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e5c8000-00007ff68e5c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e5c9000-00007ff68e5cdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e5ce000-00007ff68e5cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e5cf000-00007ff68e5cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e5d0000-00007ff68e5d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e5d4000-00007ff68e61bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e61c000-00007ff68e617fff 0x0001/0x0000 0x0000000 16e4.2678: *00007ff68e620000-00007ff68e61efff 0x0040/0x0040 0x0020000 !! 16e4.2678: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff68e620000 (LB 0x1000, 00007ff68e620000 LB 0x1000) 16e4.2678: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff68e620000/00007ff68e620000 LB 0/0x1000] 16e4.2678: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff68e620000 LB 0x1c8ea0000 s=0x10000 ap=0x0 rp=0x705c08000000001 16e4.2678: 00007ff68e621000-00007ff4c5781fff 0x0001/0x0000 0x0000000 16e4.2678: *00007ff8574c0000-00007ff8574c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff8574c1000-00007ff8575bdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff8575be000-00007ff8575fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff8575ff000-00007ff857604fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857605000-00007ff857605fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857606000-00007ff857607fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857608000-00007ff857614fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857615000-00007ff857615fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857616000-00007ff857618fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857619000-00007ff857680fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857681000-00007ff0aed21fff 0x0001/0x0000 0x0000000 16e4.2678: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 16e4.2678: VirtualBox.exe: timestamp 0x578cc301 (rc=VINF_SUCCESS) 16e4.2678: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 16e4.2678: VirtualBox.exe: Differences in section #0 (headers) between file and memory: 16e4.2678: 00007ff68e510172 / 0x0000172: 00 != 11 16e4.2678: 00007ff68e510174 / 0x0000174: 00 != 14 16e4.2678: Restored 0x400 bytes of original file content at 00007ff68e510000 16e4.2678: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 16e4.2678: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x10083 16e4.2678: supR3HardNtChildPurify: Startup delay kludge #1/1: 517 ms, 59 sleeps 16e4.2678: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 16e4.2678: *0000000000000000-ffffffffff17ffff 0x0001/0x0000 0x0000000 16e4.2678: *0000000000e80000-0000000000e5ffff 0x0004/0x0004 0x0020000 16e4.2678: *0000000000ea0000-0000000000e8afff 0x0002/0x0002 0x0040000 16e4.2678: 0000000000eb5000-0000000000ea9fff 0x0001/0x0000 0x0000000 16e4.2678: *0000000000ec0000-0000000000dc4fff 0x0000/0x0004 0x0020000 16e4.2678: 0000000000fbb000-0000000000fb7fff 0x0104/0x0004 0x0020000 16e4.2678: 0000000000fbe000-0000000000fbbfff 0x0004/0x0004 0x0020000 16e4.2678: *0000000000fc0000-0000000000fbbfff 0x0002/0x0002 0x0040000 16e4.2678: 0000000000fc4000-0000000000fb7fff 0x0001/0x0000 0x0000000 16e4.2678: *0000000000fd0000-0000000000fcdfff 0x0004/0x0004 0x0020000 16e4.2678: 0000000000fd2000-0000000000fc3fff 0x0001/0x0000 0x0000000 16e4.2678: *0000000000fe0000-0000000000fdefff 0x0004/0x0004 0x0020000 16e4.2678: 0000000000fe1000-0000000000fc1fff 0x0001/0x0000 0x0000000 16e4.2678: *0000000001000000-0000000000e94fff 0x0000/0x0004 0x0020000 16e4.2678: 000000000116b000-0000000001167fff 0x0004/0x0004 0x0020000 16e4.2678: 000000000116e000-00000000010dbfff 0x0000/0x0004 0x0020000 16e4.2678: 0000000001200000-ffffffff8241ffff 0x0001/0x0000 0x0000000 16e4.2678: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 16e4.2678: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 16e4.2678: 000000007fff0000-ffff800a7275ffff 0x0001/0x0000 0x0000000 16e4.2678: *00007ff68d880000-00007ff68d85cfff 0x0002/0x0002 0x0040000 16e4.2678: 00007ff68d8a3000-00007ff68cc35fff 0x0001/0x0000 0x0000000 16e4.2678: *00007ff68e510000-00007ff68e510fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e511000-00007ff68e580fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e581000-00007ff68e581fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e582000-00007ff68e5c6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e5c7000-00007ff68e5d3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e5d4000-00007ff68e61bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 16e4.2678: 00007ff68e61c000-00007ff4c5777fff 0x0001/0x0000 0x0000000 16e4.2678: *00007ff8574c0000-00007ff8574c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff8574c1000-00007ff8575bdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff8575be000-00007ff8575fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff8575ff000-00007ff857602fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857603000-00007ff857607fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857608000-00007ff857614fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857615000-00007ff857615fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857616000-00007ff857618fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857619000-00007ff857680fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 16e4.2678: 00007ff857681000-00007ff0aed21fff 0x0001/0x0000 0x0000000 16e4.2678: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 16e4.2678: supR3HardNtChildPurify: Done after 1103 ms and 2 fixes (loop #1). 28d0.1a84: Log file opened: 5.0.26r108824 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00 28d0.1a84: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8574c0000 g_uNtVerCombined=0xa0295a00 16e4.2678: supR3HardNtEnableThreadCreation: 28d0.1a84: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS) 28d0.1a84: New simple heap: #1 0000000001300000 LB 0x400000 (for 1839104 allocation) 28d0.1a84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 28d0.1a84: System32: \Device\HarddiskVolume2\Windows\System32 28d0.1a84: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 28d0.1a84: KnownDllPath: C:\WINDOWS\system32 28d0.1a84: supR3HardenedVmProcessInit: Opening vboxdrv stub... 28d0.1a84: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 28d0.1a84: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 28d0.1a84: Registered Dll notification callback with NTDLL. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff853be0000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff8549d0000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8549d0000 'C:\WINDOWS\system32\KERNEL32.DLL' 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff68e510000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 28d0.1a84: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: Refusing to load 'C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll' as it is expected to create undesirable threads that will upset our respawn checks (returning STATUS_TOO_MANY_THREADS) 28d0.1a84: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff857536d50 pvNtTerminateThread=00007ff857565b30 16e4.2678: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 148 ms. 28d0.1a84: \SystemRoot\System32\ntdll.dll: 28d0.1a84: CreationTime: 2016-08-26T10:18:33.398022200Z 28d0.1a84: LastWriteTime: 2016-04-23T05:24:28.464629900Z 28d0.1a84: ChangeTime: 2016-08-29T08:36:32.121899100Z 28d0.1a84: FileAttributes: 0x20 28d0.1a84: Size: 0x1bc248 28d0.1a84: NT Headers: 0xe0 28d0.1a84: Timestamp: 0x571af2eb 28d0.1a84: Machine: 0x8664 - amd64 28d0.1a84: Timestamp: 0x571af2eb 28d0.1a84: Image Version: 10.0 28d0.1a84: SizeOfImage: 0x1c1000 (1839104) 28d0.1a84: Resource Dir: 0x159000 LB 0x66218 28d0.1a84: ProductName: Microsoft® Windows® Operating System 28d0.1a84: ProductVersion: 10.0.10586.306 28d0.1a84: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850) 28d0.1a84: FileDescription: NT Layer DLL 28d0.1a84: \SystemRoot\System32\kernel32.dll: 28d0.1a84: CreationTime: 2015-10-30T07:17:46.221743200Z 28d0.1a84: LastWriteTime: 2015-10-30T07:17:46.221743200Z 28d0.1a84: ChangeTime: 2016-08-10T16:23:29.865203500Z 28d0.1a84: FileAttributes: 0x20 28d0.1a84: Size: 0xac430 28d0.1a84: NT Headers: 0xf0 28d0.1a84: Timestamp: 0x5632d5aa 28d0.1a84: Machine: 0x8664 - amd64 28d0.1a84: Timestamp: 0x5632d5aa 28d0.1a84: Image Version: 10.0 28d0.1a84: SizeOfImage: 0xad000 (708608) 28d0.1a84: Resource Dir: 0xab000 LB 0x528 28d0.1a84: ProductName: Microsoft® Windows® Operating System 28d0.1a84: ProductVersion: 10.0.10586.0 28d0.1a84: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 28d0.1a84: FileDescription: Windows NT BASE API Client DLL 28d0.1a84: \SystemRoot\System32\KernelBase.dll: 28d0.1a84: CreationTime: 2016-08-26T10:15:58.917701600Z 28d0.1a84: LastWriteTime: 2016-07-01T04:49:21.864958900Z 28d0.1a84: ChangeTime: 2016-08-29T08:36:28.250157000Z 28d0.1a84: FileAttributes: 0x20 28d0.1a84: Size: 0x1e7a10 28d0.1a84: NT Headers: 0xf0 28d0.1a84: Timestamp: 0x5775e4c5 28d0.1a84: Machine: 0x8664 - amd64 28d0.1a84: Timestamp: 0x5775e4c5 28d0.1a84: Image Version: 10.0 28d0.1a84: SizeOfImage: 0x1e8000 (1998848) 28d0.1a84: Resource Dir: 0x1d1000 LB 0x548 28d0.1a84: ProductName: Microsoft® Windows® Operating System 28d0.1a84: ProductVersion: 10.0.10586.494 28d0.1a84: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736) 28d0.1a84: FileDescription: Windows NT BASE API Client DLL 28d0.1a84: \SystemRoot\System32\apisetschema.dll: 28d0.1a84: CreationTime: 2015-10-30T07:17:57.502957900Z 28d0.1a84: LastWriteTime: 2015-10-30T07:17:57.502957900Z 28d0.1a84: ChangeTime: 2016-08-10T16:23:15.880826600Z 28d0.1a84: FileAttributes: 0x20 28d0.1a84: Size: 0x16d60 28d0.1a84: NT Headers: 0xc8 28d0.1a84: Timestamp: 0x5632d94c 28d0.1a84: Machine: 0x8664 - amd64 28d0.1a84: Timestamp: 0x5632d94c 28d0.1a84: Image Version: 10.0 28d0.1a84: SizeOfImage: 0x18000 (98304) 28d0.1a84: Resource Dir: 0x17000 LB 0x400 28d0.1a84: ProductName: Microsoft® Windows® Operating System 28d0.1a84: ProductVersion: 10.0.10586.0 28d0.1a84: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 28d0.1a84: FileDescription: ApiSet Schema DLL 28d0.1a84: NtOpenDirectoryObject failed on \Driver: 0xc0000022 28d0.1a84: supR3HardenedWinFindAdversaries: 0x10083 28d0.1a84: \SystemRoot\System32\drivers\SysPlant.sys: 28d0.1a84: CreationTime: 2015-09-09T09:54:34.896250000Z 28d0.1a84: LastWriteTime: 2016-08-09T23:42:50.554114600Z 28d0.1a84: ChangeTime: 2016-08-10T07:50:39.586208600Z 28d0.1a84: FileAttributes: 0x20 28d0.1a84: Size: 0x2b9a8 28d0.1a84: NT Headers: 0x100 28d0.1a84: Timestamp: 0x576a282d 28d0.1a84: Machine: 0x8664 - amd64 28d0.1a84: Timestamp: 0x576a282d 28d0.1a84: Image Version: 5.0 28d0.1a84: SizeOfImage: 0x30000 (196608) 28d0.1a84: Resource Dir: 0x2e000 LB 0x498 28d0.1a84: ProductName: Symantec CMC Firewall 28d0.1a84: ProductVersion: 12.1.7004.6500 28d0.1a84: FileVersion: 12.1.7004.6500 28d0.1a84: FileDescription: Symantec CMC Firewall SysPlant 28d0.1a84: \SystemRoot\System32\sysfer.dll: 28d0.1a84: CreationTime: 2015-09-09T09:54:34.865000000Z 28d0.1a84: LastWriteTime: 2016-08-09T23:42:50.554114600Z 28d0.1a84: ChangeTime: 2016-08-10T07:50:39.476826700Z 28d0.1a84: FileAttributes: 0x20 28d0.1a84: Size: 0x73728 28d0.1a84: NT Headers: 0xf0 28d0.1a84: Timestamp: 0x576a2837 28d0.1a84: Machine: 0x8664 - amd64 28d0.1a84: Timestamp: 0x576a2837 28d0.1a84: Image Version: 0.0 28d0.1a84: SizeOfImage: 0x89000 (561152) 28d0.1a84: Resource Dir: 0x87000 LB 0x630 28d0.1a84: ProductName: Symantec CMC Firewall 28d0.1a84: ProductVersion: 12.1.7004.6500 28d0.1a84: FileVersion: 12.1.7004.6500 28d0.1a84: FileDescription: Symantec CMC Firewall sysfer 28d0.1a84: \SystemRoot\System32\drivers\symevent64x86.sys: 28d0.1a84: CreationTime: 2015-09-09T09:56:55.630625000Z 28d0.1a84: LastWriteTime: 2016-08-09T20:56:59.539835600Z 28d0.1a84: ChangeTime: 2016-08-10T07:50:39.586208600Z 28d0.1a84: FileAttributes: 0x20 28d0.1a84: Size: 0x2b8d8 28d0.1a84: NT Headers: 0xe8 28d0.1a84: Timestamp: 0x54b87d44 28d0.1a84: Machine: 0x8664 - amd64 28d0.1a84: Timestamp: 0x54b87d44 28d0.1a84: Image Version: 6.0 28d0.1a84: SizeOfImage: 0x38000 (229376) 28d0.1a84: Resource Dir: 0x36000 LB 0x3c8 28d0.1a84: ProductName: SYMEVENT 28d0.1a84: ProductVersion: 12.9.6.12 28d0.1a84: FileVersion: 12.9.6.12 28d0.1a84: FileDescription: Symantec Event Library 28d0.1a84: \SystemRoot\System32\drivers\MBAMSwissArmy.sys: 28d0.1a84: CreationTime: 2016-08-09T10:33:46.189526500Z 28d0.1a84: LastWriteTime: 2016-08-09T10:33:46.189526500Z 28d0.1a84: ChangeTime: 2016-08-10T07:50:39.554949000Z 28d0.1a84: FileAttributes: 0x20 28d0.1a84: Size: 0x2eed8 28d0.1a84: NT Headers: 0xe0 28d0.1a84: Timestamp: 0x55b855d9 28d0.1a84: Machine: 0x8664 - amd64 28d0.1a84: Timestamp: 0x55b855d9 28d0.1a84: Image Version: 6.1 28d0.1a84: SizeOfImage: 0x33000 (208896) 28d0.1a84: Resource Dir: 0x31000 LB 0x3b8 28d0.1a84: ProductName: Malwarebytes Anti-Malware 28d0.1a84: ProductVersion: 0.3.0.0 28d0.1a84: FileVersion: 0.3.0.0 28d0.1a84: FileDescription: Malwarebytes Anti-Malware 28d0.1a84: \SystemRoot\System32\drivers\PGDriver.sys: 28d0.1a84: CreationTime: 2016-06-11T13:24:48.451200100Z 28d0.1a84: LastWriteTime: 2015-09-07T15:05:44.000000000Z 28d0.1a84: ChangeTime: 2016-08-10T07:50:39.570548900Z 28d0.1a84: FileAttributes: 0x20 28d0.1a84: Size: 0x5580 28d0.1a84: NT Headers: 0xf8 28d0.1a84: Timestamp: 0x55eda61c 28d0.1a84: Machine: 0x8664 - amd64 28d0.1a84: Timestamp: 0x55eda61c 28d0.1a84: Image Version: 6.3 28d0.1a84: SizeOfImage: 0xa000 (40960) 28d0.1a84: Resource Dir: 0x8000 LB 0x420 28d0.1a84: ProductName: Avecto Defendpoint 28d0.1a84: ProductVersion: 4.0.349.0 28d0.1a84: FileVersion: 4.0.349.0 28d0.1a84: SpecialBuild: D 28d0.1a84: FileDescription: Defendpoint Driver 28d0.1a84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 28d0.1a84: Calling main() 28d0.1a84: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 28d0.1a84: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'secur32.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Manufacturer\Endpoint Agent\prntm64.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Manufacturer\Endpoint Agent\prntm64.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 28d0.1a84: SUPR3HardenedMain: Respawn #2 28d0.1a84: Error (rc=-5640): 28d0.1a84: More than one thread in process 28d0.1a84: Error -5640 in supR3HardenedWinReSpawn! (enmWhat=1) 28d0.1a84: More than one thread in process 28d0.1a84: supR3HardNtEnableThreadCreation: 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume2\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008] 28d0.327c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\secur32.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\secur32.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.327c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\secur32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [lacks WinVerifyTrust] 28d0.327c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sspicli.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sspicli.dll 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff844dd0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\Secur32.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\secur32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff856fa0000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff856e80000 LB 0x0011c000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff854710000 LB 0x0006a000 C:\WINDOWS\system32\bcryptPrimitives.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff855060000 LB 0x0027d000 C:\WINDOWS\system32\combase.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff8572d0000 LB 0x00156000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff8554a0000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff856dc0000 LB 0x00052000 C:\WINDOWS\system32\SHLWAPI.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff853820000 LB 0x00029000 C:\WINDOWS\SYSTEM32\bcrypt.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff84b5d0000 LB 0x00084000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 0000000072770000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 0000000072850000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff856e20000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0] 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff856cb0000 LB 0x000a7000 C:\WINDOWS\system32\ADVAPI32.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff8552e0000 LB 0x00143000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff853680000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\SSPICLI.DLL [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sspicli.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff832ee0000 LB 0x00062000 C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 28d0.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll) 28d0.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.327c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 28d0.327c: supR3HardenedDllNotificationCallback: load 00007ff855460000 LB 0x0003b000 C:\WINDOWS\system32\IMM32.DLL [fFlags=0x0] 28d0.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 28d0.327c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff855460000 'C:\WINDOWS\system32\IMM32.DLL' 28d0.327c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff832ee0000 'C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll' 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'firewallapi.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'netapi32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netapi32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netapi32.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'firewallapi.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'firewallapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\firewallapi.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\davhlpr.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\davhlpr.dll 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff838d70000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff82db80000 LB 0x000fa000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff838bb0000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff82dc80000 LB 0x00129000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff8556e0000 LB 0x0006b000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff825d00000 LB 0x0050f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 0000000072490000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff854780000 LB 0x000b5000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff843a40000 LB 0x000aa000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\COMCTL32.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff8546a0000 LB 0x00043000 C:\WINDOWS\system32\cfgmgr32.dll [fFlags=0x0] 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff853b30000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff853ae0000 LB 0x0004b000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff853ac0000 LB 0x00014000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0] 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff853dd0000 LB 0x00645000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff855750000 LB 0x0155c000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff853b50000 LB 0x00086000 C:\WINDOWS\system32\FirewallAPI.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff8546f0000 LB 0x00017000 C:\WINDOWS\system32\NETAPI32.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff84b550000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\DAVHLPR.DLL [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\davhlpr.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff8571a0000 LB 0x0010b000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff854900000 LB 0x000c1000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff851fb0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff852010000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 000000006f460000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00000000723b0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff825440000 LB 0x008c0000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825d00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff855460000 'C:\WINDOWS\system32\imm32.dll' 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\fwbase.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\fwbase.dll 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff852610000 LB 0x00032000 C:\WINDOWS\SYSTEM32\fwbase.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\fwbase.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825440000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff852010000 'C:\WINDOWS\system32\winmm.dll' 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 28d0.1a84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff852170000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff852170000 'C:\WINDOWS\system32\uxtheme.dll' 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff857040000 LB 0x0015a000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0] 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'. 28d0.1a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'. 28d0.1a84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) 28d0.1a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 28d0.1a84: supR3HardenedDllNotificationCallback: load 00007ff8519e0000 LB 0x00022000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff855750000 'C:\WINDOWS\system32\shell32.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8549d0000 'C:\WINDOWS\system32\kernel32.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff852170000 'C:\WINDOWS\system32\uxtheme.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff852170000 'C:\WINDOWS\system32\uxtheme.dll' 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8572d0000 'C:\WINDOWS\system32\user32.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff852170000 'C:\WINDOWS\system32\uxtheme.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8572d0000 'C:\WINDOWS\system32\user32.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8554a0000 'C:\WINDOWS\system32\gdi32.dll' 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8572d0000 'C:\WINDOWS\system32\user32.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8549d0000 'C:\WINDOWS\system32\kernel32.dll' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff856e80000 'C:\WINDOWS\system32\rpcrt4.dll' 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff857040000 'C:\WINDOWS\system32\MSCTF.dll' 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'. 28d0.1cd8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) 28d0.1cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'. 28d0.1cd8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) 28d0.1cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 28d0.1cd8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) 28d0.1cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll 28d0.1cd8: supR3HardenedDllNotificationCallback: load 00007ff852280000 LB 0x00027000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0] 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedDllNotificationCallback: load 00007ff84f180000 LB 0x00186000 C:\WINDOWS\SYSTEM32\PROPSYS.dll [fFlags=0x0] 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedDllNotificationCallback: load 00007ff84ec70000 LB 0x00070000 C:\WINDOWS\SYSTEM32\MMDevAPI.DLL [fFlags=0x0] 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'. 28d0.1cd8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) 28d0.1cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) 28d0.1cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1cd8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) 28d0.1cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedDllNotificationCallback: load 00007ff84bc90000 LB 0x00008000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0] 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedDllNotificationCallback: load 00007ff850950000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0] 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedDllNotificationCallback: load 00007ff84bca0000 LB 0x00042000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0] 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bca0000 'C:\WINDOWS\system32\wdmaud.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bca0000 'C:\WINDOWS\system32\wdmaud.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ec70000 'C:\WINDOWS\system32\MMDEVAPI.DLL' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bca0000 'C:\WINDOWS\system32\wdmaud.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bca0000 'C:\WINDOWS\system32\wdmaud.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bca0000 'C:\WINDOWS\system32\wdmaud.drv' 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'. 28d0.1cd8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) 28d0.1cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1cd8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 28d0.1cd8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll) 28d0.1cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll 28d0.1cd8: supR3HardenedDllNotificationCallback: load 00007ff84ed30000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0] 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedDllNotificationCallback: load 00007ff84bc00000 LB 0x00088000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0] 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bc00000 'C:\WINDOWS\system32\AUDIOSES.DLL' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bca0000 'C:\WINDOWS\system32\wdmaud.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bca0000 'C:\WINDOWS\system32\wdmaud.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bca0000 'C:\WINDOWS\system32\wdmaud.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bca0000 'C:\WINDOWS\system32\wdmaud.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bca0000 'C:\WINDOWS\system32\wdmaud.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84bca0000 'C:\WINDOWS\system32\wdmaud.drv' 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'. 28d0.1cd8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) 28d0.1cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1cd8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) 28d0.1cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedDllNotificationCallback: load 00007ff84ba40000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0] 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedDllNotificationCallback: load 00007ff84ba60000 LB 0x0000c000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0] 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba60000 'C:\WINDOWS\system32\msacm32.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba60000 'C:\WINDOWS\system32\msacm32.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba60000 'C:\WINDOWS\system32\msacm32.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba60000 'C:\WINDOWS\system32\msacm32.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba60000 'C:\WINDOWS\system32\msacm32.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba60000 'C:\WINDOWS\system32\msacm32.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba60000 'C:\WINDOWS\system32\msacm32.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba60000 'C:\WINDOWS\system32\msacm32.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba60000 'C:\WINDOWS\system32\msacm32.drv' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba60000 'C:\WINDOWS\system32\msacm32.drv' 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.1cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'. 28d0.1cd8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) 28d0.1cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.1cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.1cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\midimap.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedDllNotificationCallback: load 00007ff84ba30000 LB 0x0000a000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0] 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\midimap.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba30000 'C:\WINDOWS\system32\midimap.dll' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\midimap.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba30000 'C:\WINDOWS\system32\midimap.dll' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\midimap.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba30000 'C:\WINDOWS\system32\midimap.dll' 28d0.1cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\midimap.dll [lacks WinVerifyTrust] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 28d0.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ba30000 'C:\WINDOWS\system32\midimap.dll' 28d0.bec: supR3HardenedDllNotificationCallback: load 00007ff855630000 LB 0x000a7000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0] 28d0.bec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 28d0.bec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 28d0.bec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) 28d0.bec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 28d0.bec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 28d0.bec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 28d0.bec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 28d0.bec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 28d0.bec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 28d0.bec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 28d0.bec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 28d0.bec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 28d0.bec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84ec70000 'C:\WINDOWS\System32\MMDevApi.dll' 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: 'C:\WINDOWS\system32\comctl32.dll' -> 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll' [redir] 28d0.1a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll [lacks WinVerifyTrust] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll (Input=C:\WINDOWS\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 28d0.1a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843a40000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll' 16e4.2678: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 24041 ms, the end);