2e94.2e20: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000178 g_uNtVerCombined=0xa0383900 2e94.2e20: \SystemRoot\System32\ntdll.dll: 2e94.2e20: CreationTime: 2017-10-16T14:31:48.779932500Z 2e94.2e20: LastWriteTime: 2017-09-07T06:03:35.589628500Z 2e94.2e20: ChangeTime: 2017-11-10T09:00:37.540950700Z 2e94.2e20: FileAttributes: 0x20 2e94.2e20: Size: 0x1cccb0 2e94.2e20: NT Headers: 0xd8 2e94.2e20: Timestamp: 0x59b0d03e 2e94.2e20: Machine: 0x8664 - amd64 2e94.2e20: Timestamp: 0x59b0d03e 2e94.2e20: Image Version: 10.0 2e94.2e20: SizeOfImage: 0x1d2000 (1908736) 2e94.2e20: Resource Dir: 0x169000 LB 0x67a50 2e94.2e20: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e94.2e20: [Raw version resource data: 0x1690f0 LB 0x398, codepage 0x0 (reserved 0x0)] 2e94.2e20: ProductName: Microsoft® Windows® Operating System 2e94.2e20: ProductVersion: 10.0.14393.1715 2e94.2e20: FileVersion: 10.0.14393.1715 (rs1_release_inmarket.170906-1810) 2e94.2e20: FileDescription: NT Layer DLL 2e94.2e20: \SystemRoot\System32\kernel32.dll: 2e94.2e20: CreationTime: 2017-07-25T12:40:12.002291400Z 2e94.2e20: LastWriteTime: 2017-04-28T00:49:43.332433600Z 2e94.2e20: ChangeTime: 2017-11-10T09:00:36.613513700Z 2e94.2e20: FileAttributes: 0x20 2e94.2e20: Size: 0xab208 2e94.2e20: NT Headers: 0xf0 2e94.2e20: Timestamp: 0x59028368 2e94.2e20: Machine: 0x8664 - amd64 2e94.2e20: Timestamp: 0x59028368 2e94.2e20: Image Version: 10.0 2e94.2e20: SizeOfImage: 0xac000 (704512) 2e94.2e20: Resource Dir: 0xaa000 LB 0x530 2e94.2e20: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e94.2e20: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)] 2e94.2e20: ProductName: Microsoft® Windows® Operating System 2e94.2e20: ProductVersion: 10.0.14393.1198 2e94.2e20: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353) 2e94.2e20: FileDescription: Windows NT BASE API Client DLL 2e94.2e20: \SystemRoot\System32\KernelBase.dll: 2e94.2e20: CreationTime: 2017-11-10T08:08:16.552014300Z 2e94.2e20: LastWriteTime: 2017-09-18T03:09:13.383806400Z 2e94.2e20: ChangeTime: 2017-11-10T16:28:37.631925100Z 2e94.2e20: FileAttributes: 0x20 2e94.2e20: Size: 0x21c780 2e94.2e20: NT Headers: 0xf8 2e94.2e20: Timestamp: 0x59bf2ba6 2e94.2e20: Machine: 0x8664 - amd64 2e94.2e20: Timestamp: 0x59bf2ba6 2e94.2e20: Image Version: 10.0 2e94.2e20: SizeOfImage: 0x21d000 (2215936) 2e94.2e20: Resource Dir: 0x201000 LB 0x550 2e94.2e20: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e94.2e20: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)] 2e94.2e20: ProductName: Microsoft® Windows® Operating System 2e94.2e20: ProductVersion: 10.0.14393.1770 2e94.2e20: FileVersion: 10.0.14393.1770 (rs1_release.170917-1700) 2e94.2e20: FileDescription: Windows NT BASE API Client DLL 2e94.2e20: \SystemRoot\System32\apisetschema.dll: 2e94.2e20: CreationTime: 2017-08-08T19:01:46.951706100Z 2e94.2e20: LastWriteTime: 2017-07-12T06:15:56.983190800Z 2e94.2e20: ChangeTime: 2017-11-10T09:00:37.432521900Z 2e94.2e20: FileAttributes: 0x20 2e94.2e20: Size: 0x18b60 2e94.2e20: NT Headers: 0xc8 2e94.2e20: Timestamp: 0x5965b2bd 2e94.2e20: Machine: 0x8664 - amd64 2e94.2e20: Timestamp: 0x5965b2bd 2e94.2e20: Image Version: 10.0 2e94.2e20: SizeOfImage: 0x19000 (102400) 2e94.2e20: Resource Dir: 0x18000 LB 0x408 2e94.2e20: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e94.2e20: [Raw version resource data: 0x18060 LB 0x3a4, codepage 0x0 (reserved 0x0)] 2e94.2e20: ProductName: Microsoft® Windows® Operating System 2e94.2e20: ProductVersion: 10.0.14393.1532 2e94.2e20: FileVersion: 10.0.14393.1532 (rs1_release_d.170711-1840) 2e94.2e20: FileDescription: ApiSet Schema DLL 2e94.2e20: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2e94.2e20: supR3HardenedWinFindAdversaries: 0x18003 2e94.2e20: \SystemRoot\System32\drivers\SysPlant.sys: 2e94.2e20: CreationTime: 2017-07-26T04:30:24.302216200Z 2e94.2e20: LastWriteTime: 2017-07-26T04:30:24.317842400Z 2e94.2e20: ChangeTime: 2017-07-26T04:30:24.317842400Z 2e94.2e20: FileAttributes: 0x20 2e94.2e20: Size: 0x2b9a8 2e94.2e20: NT Headers: 0x100 2e94.2e20: Timestamp: 0x576a282d 2e94.2e20: Machine: 0x8664 - amd64 2e94.2e20: Timestamp: 0x576a282d 2e94.2e20: Image Version: 5.0 2e94.2e20: SizeOfImage: 0x30000 (196608) 2e94.2e20: Resource Dir: 0x2e000 LB 0x498 2e94.2e20: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e94.2e20: [Raw version resource data: 0x2e0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)] 2e94.2e20: ProductName: Symantec CMC Firewall 2e94.2e20: ProductVersion: 12.1.7004.6500 2e94.2e20: FileVersion: 12.1.7004.6500 2e94.2e20: FileDescription: Symantec CMC Firewall SysPlant 2e94.2e20: \SystemRoot\System32\sysfer.dll: 2e94.2e20: CreationTime: 2017-07-26T04:30:24.239715000Z 2e94.2e20: LastWriteTime: 2017-07-26T04:30:24.286591600Z 2e94.2e20: ChangeTime: 2017-07-26T04:30:24.286591600Z 2e94.2e20: FileAttributes: 0x20 2e94.2e20: Size: 0x73728 2e94.2e20: NT Headers: 0xf0 2e94.2e20: Timestamp: 0x576a2837 2e94.2e20: Machine: 0x8664 - amd64 2e94.2e20: Timestamp: 0x576a2837 2e94.2e20: Image Version: 0.0 2e94.2e20: SizeOfImage: 0x89000 (561152) 2e94.2e20: Resource Dir: 0x87000 LB 0x630 2e94.2e20: [Version info resource found at 0xc8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e94.2e20: [Raw version resource data: 0x87100 LB 0x3d4, codepage 0x4e4 (reserved 0x0)] 2e94.2e20: ProductName: Symantec CMC Firewall 2e94.2e20: ProductVersion: 12.1.7004.6500 2e94.2e20: FileVersion: 12.1.7004.6500 2e94.2e20: FileDescription: Symantec CMC Firewall sysfer 2e94.2e20: \SystemRoot\System32\drivers\symevent64x86.sys: 2e94.2e20: CreationTime: 2017-07-26T04:31:22.476758300Z 2e94.2e20: LastWriteTime: 2017-07-26T04:31:22.273624600Z 2e94.2e20: ChangeTime: 2017-07-26T04:31:22.273624600Z 2e94.2e20: FileAttributes: 0x20 2e94.2e20: Size: 0x2b8d8 2e94.2e20: NT Headers: 0xe8 2e94.2e20: Timestamp: 0x54b87d44 2e94.2e20: Machine: 0x8664 - amd64 2e94.2e20: Timestamp: 0x54b87d44 2e94.2e20: Image Version: 6.0 2e94.2e20: SizeOfImage: 0x38000 (229376) 2e94.2e20: Resource Dir: 0x36000 LB 0x3c8 2e94.2e20: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e94.2e20: [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)] 2e94.2e20: ProductName: SYMEVENT 2e94.2e20: ProductVersion: 12.9.6.12 2e94.2e20: FileVersion: 12.9.6.12 2e94.2e20: FileDescription: Symantec Event Library 2e94.2e20: \SystemRoot\System32\drivers\cyprotectdrv64.sys: 2e94.2e20: CreationTime: 2017-10-24T15:31:18.834773900Z 2e94.2e20: LastWriteTime: 2017-11-09T07:36:41.344755100Z 2e94.2e20: ChangeTime: 2017-11-20T09:19:02.498899900Z 2e94.2e20: FileAttributes: 0x20 2e94.2e20: Size: 0x30be8 2e94.2e20: NT Headers: 0x100 2e94.2e20: Timestamp: 0x59f8fc8d 2e94.2e20: Machine: 0x8664 - amd64 2e94.2e20: Timestamp: 0x59f8fc8d 2e94.2e20: Image Version: 6.1 2e94.2e20: SizeOfImage: 0x131000 (1249280) 2e94.2e20: Resource Dir: 0x12f000 LB 0x2f0 2e94.2e20: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e94.2e20: [Raw version resource data: 0x12f060 LB 0x28c, codepage 0x0 (reserved 0x0)] 2e94.2e20: ProductName: CylancePROTECT 2e94.2e20: ProductVersion: 2.0.1460.27 2e94.2e20: FileVersion: 2.0.1460.27 2e94.2e20: FileDescription: Cylance Protect Driver 2e94.2e20: \SystemRoot\System32\drivers\privman.sys: 2e94.2e20: CreationTime: 2017-11-20T07:52:55.503152200Z 2e94.2e20: LastWriteTime: 2017-10-11T16:51:26.000000000Z 2e94.2e20: ChangeTime: 2017-11-20T09:31:19.898387200Z 2e94.2e20: FileAttributes: 0x20 2e94.2e20: Size: 0x10618 2e94.2e20: NT Headers: 0x100 2e94.2e20: Timestamp: 0x59deb541 2e94.2e20: Machine: 0x8664 - amd64 2e94.2e20: Timestamp: 0x59deb541 2e94.2e20: Image Version: 6.1 2e94.2e20: SizeOfImage: 0xf000 (61440) 2e94.2e20: Resource Dir: 0xb000 LB 0x2fa8 2e94.2e20: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x0)] 2e94.2e20: [Raw version resource data: 0xb0a0 LB 0x33c, codepage 0x0 (reserved 0x0)] 2e94.2e20: ProductName: PowerBroker for Windows 2e94.2e20: ProductVersion: 7.3.1.0 2e94.2e20: FileVersion: 7.3.1.0 2e94.2e20: FileDescription: PowerBroker for Windows 2e94.2e20: \SystemRoot\System32\privman64.dll: 2e94.2e20: CreationTime: 2017-10-11T20:32:50.000000000Z 2e94.2e20: LastWriteTime: 2017-10-11T20:32:50.000000000Z 2e94.2e20: ChangeTime: 2017-11-20T09:31:19.913099000Z 2e94.2e20: FileAttributes: 0x20 2e94.2e20: Size: 0x39340 2e94.2e20: NT Headers: 0xf8 2e94.2e20: Timestamp: 0x59deb4c7 2e94.2e20: Machine: 0x8664 - amd64 2e94.2e20: Timestamp: 0x59deb4c7 2e94.2e20: Image Version: 0.0 2e94.2e20: SizeOfImage: 0x3b000 (241664) 2e94.2e20: Resource Dir: 0x39000 LB 0x578 2e94.2e20: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x0)] 2e94.2e20: [Raw version resource data: 0x390a0 LB 0x37c, codepage 0x4e4 (reserved 0x0)] 2e94.2e20: ProductName: PowerBroker for Windows 2e94.2e20: ProductVersion: 7.3.1.0 2e94.2e20: FileVersion: 7.3.1.0 2e94.2e20: FileDescription: BeyondTrust PowerBroker for Windows DLL 2e94.2e20: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 2e94.2e20: Calling main() 2e94.2e20: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 2e94.2e20: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 2e94.2e20: SUPR3HardenedMain: Respawn #1 2e94.2e20: System32: \Device\HarddiskVolume1\Windows\System32 2e94.2e20: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 2e94.2e20: KnownDllPath: C:\WINDOWS\System32 2e94.2e20: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2e94.2e20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 2e94.2e20: supR3HardNtEnableThreadCreation: 2e94.2e20: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbb7c99f60 pvNtTerminateThread=00007ffbb7cc6af0 2e94.2e20: supR3HardenedWinDoReSpawn(1): New child 3718.38f8 [kernel32]. 2e94.2e20: supR3HardNtChildGatherData: PebBaseAddress=0000000000ae2000 cbPeb=0x388 2e94.2e20: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbb7c20000 uNtDllChildAddr=00007ffbb7c20000 2e94.2e20: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbb7c99f60 2e94.2e20: supR3HardenedWinSetupChildInit: Start child. 2e94.2e20: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 2e94.2e20: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 59 sleeps 2e94.2e20: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 2e94.2e20: *0000000000000000-000000000093ffff 0x0001/0x0000 0x0000000 2e94.2e20: *0000000000940000-000000000095ffff 0x0004/0x0004 0x0020000 2e94.2e20: *0000000000960000-0000000000975fff 0x0002/0x0002 0x0040000 2e94.2e20: 0000000000976000-000000000097ffff 0x0001/0x0000 0x0000000 2e94.2e20: *0000000000980000-0000000000983fff 0x0002/0x0002 0x0040000 2e94.2e20: 0000000000984000-000000000098ffff 0x0001/0x0000 0x0000000 2e94.2e20: *0000000000990000-0000000000991fff 0x0004/0x0004 0x0020000 2e94.2e20: 0000000000992000-00000000009fffff 0x0001/0x0000 0x0000000 2e94.2e20: *0000000000a00000-0000000000ae1fff 0x0000/0x0004 0x0020000 2e94.2e20: 0000000000ae2000-0000000000ae4fff 0x0004/0x0004 0x0020000 2e94.2e20: 0000000000ae5000-0000000000bfffff 0x0000/0x0004 0x0020000 2e94.2e20: *0000000000c00000-0000000000cfafff 0x0000/0x0004 0x0020000 2e94.2e20: 0000000000cfb000-0000000000cfdfff 0x0104/0x0004 0x0020000 2e94.2e20: 0000000000cfe000-0000000000cfffff 0x0004/0x0004 0x0020000 2e94.2e20: 0000000000d00000-000000007ffdffff 0x0001/0x0000 0x0000000 2e94.2e20: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 2e94.2e20: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 2e94.2e20: 000000007fff0000-00007ff786f4ffff 0x0001/0x0000 0x0000000 2e94.2e20: *00007ff786f50000-00007ff786f72fff 0x0002/0x0002 0x0040000 2e94.2e20: 00007ff786f73000-00007ff787f4ffff 0x0001/0x0000 0x0000000 2e94.2e20: *00007ff787f50000-00007ff787f50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 2e94.2e20: 00007ff787f51000-00007ff787fc1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 2e94.2e20: 00007ff787fc2000-00007ff787fc2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 2e94.2e20: 00007ff787fc3000-00007ff788008fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 2e94.2e20: 00007ff788009000-00007ff788009fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 2e94.2e20: 00007ff78800a000-00007ff78800afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 2e94.2e20: 00007ff78800b000-00007ff78800ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 2e94.2e20: 00007ff788010000-00007ff788010fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 2e94.2e20: 00007ff788011000-00007ff788011fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 2e94.2e20: 00007ff788012000-00007ff788015fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 2e94.2e20: 00007ff788016000-00007ff78805dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 2e94.2e20: 00007ff78805e000-00007ffbb7c1ffff 0x0001/0x0000 0x0000000 2e94.2e20: *00007ffbb7c20000-00007ffbb7c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 2e94.2e20: 00007ffbb7c21000-00007ffbb7d28fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 2e94.2e20: 00007ffbb7d29000-00007ffbb7d6cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 2e94.2e20: 00007ffbb7d6d000-00007ffbb7d75fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 2e94.2e20: 00007ffbb7d76000-00007ffbb7d83fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 2e94.2e20: 00007ffbb7d84000-00007ffbb7d84fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 2e94.2e20: 00007ffbb7d85000-00007ffbb7d87fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 2e94.2e20: 00007ffbb7d88000-00007ffbb7df1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 2e94.2e20: 00007ffbb7df2000-00007ffffffdffff 0x0001/0x0000 0x0000000 2e94.2e20: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 2e94.2e20: VirtualBox.exe: timestamp 0x59e6e5d5 (rc=VINF_SUCCESS) 2e94.2e20: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2e94.2e20: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 2e94.2e20: supR3HardNtChildPurify: Done after 602 ms and 0 fixes (loop #0). 2e94.2e20: supR3HardNtEnableThreadCreation: 3718.38f8: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900 3718.38f8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbb7c20000 g_uNtVerCombined=0xa0383900 3718.38f8: ntdll.dll: timestamp 0x59b0d03e (rc=VINF_SUCCESS) 3718.38f8: New simple heap: #1 0000000000e00000 LB 0x400000 (for 1908736 allocation) 3718.38f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 3718.38f8: System32: \Device\HarddiskVolume1\Windows\System32 3718.38f8: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 3718.38f8: KnownDllPath: C:\WINDOWS\System32 3718.38f8: supR3HardenedVmProcessInit: Opening vboxdrv stub... 3718.38f8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 3718.38f8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 3718.38f8: Registered Dll notification callback with NTDLL. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb4a90000 LB 0x0021d000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb59d0000 LB 0x000ac000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb59d0000 'C:\WINDOWS\System32\KERNEL32.DLL' 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ff787f50000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 3718.38f8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'rpcrt4.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'version.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\privman64.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\privman64.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'profapi.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\userenv.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #68 'gdi32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\user32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\version.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3718.38f8: '\Device\HarddiskVolume1\Windows\System32\win32u.dll' has no imports 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\win32u.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\win32u.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume1\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\sechost.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\profapi.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\privman64.dll (Input=privman64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb5ab0000 LB 0x00121000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb57b0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb3ef0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb4f10000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb4190000 LB 0x00180000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\gdi32full.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32full.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb7800000 LB 0x00034000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb5640000 LB 0x00165000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb51b0000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb7840000 LB 0x000a2000 C:\WINDOWS\System32\ADVAPI32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb5100000 LB 0x00042000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb4cb0000 LB 0x000f5000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ucrtbase.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ucrtbase.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb4120000 LB 0x0006a000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb5d80000 LB 0x002c8000 C:\WINDOWS\System32\combase.dll [fFlags=0x0] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'bcryptprimitives.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\combase.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\combase.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb40d0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\powrprof.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\powrprof.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb77a0000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb40b0000 LB 0x0000f000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb4db0000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\SHCore.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\SHCore.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb4090000 LB 0x00014000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb43b0000 LB 0x006d8000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\windows.storage.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\windows.storage.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb60c0000 LB 0x01508000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb3ed0000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb3f00000 LB 0x0003b000 C:\WINDOWS\System32\privman64.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\imm32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb5a80000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb5a80000 'C:\WINDOWS\system32\IMM32.DLL' 3718.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4a90000 'api-ms-win-core-synch-l1-2-0' 3718.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4a90000 'api-ms-win-core-fibers-l1-1-1' 3718.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4a90000 'api-ms-win-core-fibers-l1-1-1' 3718.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4a90000 'api-ms-win-core-synch-l1-2-0' 3718.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4a90000 'api-ms-win-core-localization-l1-2-1' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb59d0000 'C:\WINDOWS\System32\kernel32.dll' 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3f00000 'C:\WINDOWS\System32\privman64.dll' 3718.38f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbb7c99f60 pvNtTerminateThread=00007ffbb7cc6af0 2e94.2e20: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 616 ms. 3718.38f8: \SystemRoot\System32\ntdll.dll: 3718.38f8: CreationTime: 2017-10-16T14:31:48.779932500Z 3718.38f8: LastWriteTime: 2017-09-07T06:03:35.589628500Z 3718.38f8: ChangeTime: 2017-11-10T09:00:37.540950700Z 3718.38f8: FileAttributes: 0x20 3718.38f8: Size: 0x1cccb0 3718.38f8: NT Headers: 0xd8 3718.38f8: Timestamp: 0x59b0d03e 3718.38f8: Machine: 0x8664 - amd64 3718.38f8: Timestamp: 0x59b0d03e 3718.38f8: Image Version: 10.0 3718.38f8: SizeOfImage: 0x1d2000 (1908736) 3718.38f8: Resource Dir: 0x169000 LB 0x67a50 3718.38f8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 3718.38f8: [Raw version resource data: 0x1690f0 LB 0x398, codepage 0x0 (reserved 0x0)] 3718.38f8: ProductName: Microsoft® Windows® Operating System 3718.38f8: ProductVersion: 10.0.14393.1715 3718.38f8: FileVersion: 10.0.14393.1715 (rs1_release_inmarket.170906-1810) 3718.38f8: FileDescription: NT Layer DLL 3718.38f8: \SystemRoot\System32\kernel32.dll: 3718.38f8: CreationTime: 2017-07-25T12:40:12.002291400Z 3718.38f8: LastWriteTime: 2017-04-28T00:49:43.332433600Z 3718.38f8: ChangeTime: 2017-11-10T09:00:36.613513700Z 3718.38f8: FileAttributes: 0x20 3718.38f8: Size: 0xab208 3718.38f8: NT Headers: 0xf0 3718.38f8: Timestamp: 0x59028368 3718.38f8: Machine: 0x8664 - amd64 3718.38f8: Timestamp: 0x59028368 3718.38f8: Image Version: 10.0 3718.38f8: SizeOfImage: 0xac000 (704512) 3718.38f8: Resource Dir: 0xaa000 LB 0x530 3718.38f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3718.38f8: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)] 3718.38f8: ProductName: Microsoft® Windows® Operating System 3718.38f8: ProductVersion: 10.0.14393.1198 3718.38f8: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353) 3718.38f8: FileDescription: Windows NT BASE API Client DLL 3718.38f8: \SystemRoot\System32\KernelBase.dll: 3718.38f8: CreationTime: 2017-11-10T08:08:16.552014300Z 3718.38f8: LastWriteTime: 2017-09-18T03:09:13.383806400Z 3718.38f8: ChangeTime: 2017-11-10T16:28:37.631925100Z 3718.38f8: FileAttributes: 0x20 3718.38f8: Size: 0x21c780 3718.38f8: NT Headers: 0xf8 3718.38f8: Timestamp: 0x59bf2ba6 3718.38f8: Machine: 0x8664 - amd64 3718.38f8: Timestamp: 0x59bf2ba6 3718.38f8: Image Version: 10.0 3718.38f8: SizeOfImage: 0x21d000 (2215936) 3718.38f8: Resource Dir: 0x201000 LB 0x550 3718.38f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3718.38f8: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)] 3718.38f8: ProductName: Microsoft® Windows® Operating System 3718.38f8: ProductVersion: 10.0.14393.1770 3718.38f8: FileVersion: 10.0.14393.1770 (rs1_release.170917-1700) 3718.38f8: FileDescription: Windows NT BASE API Client DLL 3718.38f8: \SystemRoot\System32\apisetschema.dll: 3718.38f8: CreationTime: 2017-08-08T19:01:46.951706100Z 3718.38f8: LastWriteTime: 2017-07-12T06:15:56.983190800Z 3718.38f8: ChangeTime: 2017-11-10T09:00:37.432521900Z 3718.38f8: FileAttributes: 0x20 3718.38f8: Size: 0x18b60 3718.38f8: NT Headers: 0xc8 3718.38f8: Timestamp: 0x5965b2bd 3718.38f8: Machine: 0x8664 - amd64 3718.38f8: Timestamp: 0x5965b2bd 3718.38f8: Image Version: 10.0 3718.38f8: SizeOfImage: 0x19000 (102400) 3718.38f8: Resource Dir: 0x18000 LB 0x408 3718.38f8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3718.38f8: [Raw version resource data: 0x18060 LB 0x3a4, codepage 0x0 (reserved 0x0)] 3718.38f8: ProductName: Microsoft® Windows® Operating System 3718.38f8: ProductVersion: 10.0.14393.1532 3718.38f8: FileVersion: 10.0.14393.1532 (rs1_release_d.170711-1840) 3718.38f8: FileDescription: ApiSet Schema DLL 3718.38f8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 3718.38f8: supR3HardenedWinFindAdversaries: 0x18003 3718.38f8: \SystemRoot\System32\drivers\SysPlant.sys: 3718.38f8: CreationTime: 2017-07-26T04:30:24.302216200Z 3718.38f8: LastWriteTime: 2017-07-26T04:30:24.317842400Z 3718.38f8: ChangeTime: 2017-07-26T04:30:24.317842400Z 3718.38f8: FileAttributes: 0x20 3718.38f8: Size: 0x2b9a8 3718.38f8: NT Headers: 0x100 3718.38f8: Timestamp: 0x576a282d 3718.38f8: Machine: 0x8664 - amd64 3718.38f8: Timestamp: 0x576a282d 3718.38f8: Image Version: 5.0 3718.38f8: SizeOfImage: 0x30000 (196608) 3718.38f8: Resource Dir: 0x2e000 LB 0x498 3718.38f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3718.38f8: [Raw version resource data: 0x2e0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)] 3718.38f8: ProductName: Symantec CMC Firewall 3718.38f8: ProductVersion: 12.1.7004.6500 3718.38f8: FileVersion: 12.1.7004.6500 3718.38f8: FileDescription: Symantec CMC Firewall SysPlant 3718.38f8: \SystemRoot\System32\sysfer.dll: 3718.38f8: CreationTime: 2017-07-26T04:30:24.239715000Z 3718.38f8: LastWriteTime: 2017-07-26T04:30:24.286591600Z 3718.38f8: ChangeTime: 2017-07-26T04:30:24.286591600Z 3718.38f8: FileAttributes: 0x20 3718.38f8: Size: 0x73728 3718.38f8: NT Headers: 0xf0 3718.38f8: Timestamp: 0x576a2837 3718.38f8: Machine: 0x8664 - amd64 3718.38f8: Timestamp: 0x576a2837 3718.38f8: Image Version: 0.0 3718.38f8: SizeOfImage: 0x89000 (561152) 3718.38f8: Resource Dir: 0x87000 LB 0x630 3718.38f8: [Version info resource found at 0xc8! (ID/Name: 0x1; SubID/SubName: 0x409)] 3718.38f8: [Raw version resource data: 0x87100 LB 0x3d4, codepage 0x4e4 (reserved 0x0)] 3718.38f8: ProductName: Symantec CMC Firewall 3718.38f8: ProductVersion: 12.1.7004.6500 3718.38f8: FileVersion: 12.1.7004.6500 3718.38f8: FileDescription: Symantec CMC Firewall sysfer 3718.38f8: \SystemRoot\System32\drivers\symevent64x86.sys: 3718.38f8: CreationTime: 2017-07-26T04:31:22.476758300Z 3718.38f8: LastWriteTime: 2017-07-26T04:31:22.273624600Z 3718.38f8: ChangeTime: 2017-07-26T04:31:22.273624600Z 3718.38f8: FileAttributes: 0x20 3718.38f8: Size: 0x2b8d8 3718.38f8: NT Headers: 0xe8 3718.38f8: Timestamp: 0x54b87d44 3718.38f8: Machine: 0x8664 - amd64 3718.38f8: Timestamp: 0x54b87d44 3718.38f8: Image Version: 6.0 3718.38f8: SizeOfImage: 0x38000 (229376) 3718.38f8: Resource Dir: 0x36000 LB 0x3c8 3718.38f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3718.38f8: [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)] 3718.38f8: ProductName: SYMEVENT 3718.38f8: ProductVersion: 12.9.6.12 3718.38f8: FileVersion: 12.9.6.12 3718.38f8: FileDescription: Symantec Event Library 3718.38f8: \SystemRoot\System32\drivers\cyprotectdrv64.sys: 3718.38f8: CreationTime: 2017-10-24T15:31:18.834773900Z 3718.38f8: LastWriteTime: 2017-11-09T07:36:41.344755100Z 3718.38f8: ChangeTime: 2017-11-20T09:19:02.498899900Z 3718.38f8: FileAttributes: 0x20 3718.38f8: Size: 0x30be8 3718.38f8: NT Headers: 0x100 3718.38f8: Timestamp: 0x59f8fc8d 3718.38f8: Machine: 0x8664 - amd64 3718.38f8: Timestamp: 0x59f8fc8d 3718.38f8: Image Version: 6.1 3718.38f8: SizeOfImage: 0x131000 (1249280) 3718.38f8: Resource Dir: 0x12f000 LB 0x2f0 3718.38f8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3718.38f8: [Raw version resource data: 0x12f060 LB 0x28c, codepage 0x0 (reserved 0x0)] 3718.38f8: ProductName: CylancePROTECT 3718.38f8: ProductVersion: 2.0.1460.27 3718.38f8: FileVersion: 2.0.1460.27 3718.38f8: FileDescription: Cylance Protect Driver 3718.38f8: \SystemRoot\System32\drivers\privman.sys: 3718.38f8: CreationTime: 2017-11-20T07:52:55.503152200Z 3718.38f8: LastWriteTime: 2017-10-11T16:51:26.000000000Z 3718.38f8: ChangeTime: 2017-11-20T09:31:19.898387200Z 3718.38f8: FileAttributes: 0x20 3718.38f8: Size: 0x10618 3718.38f8: NT Headers: 0x100 3718.38f8: Timestamp: 0x59deb541 3718.38f8: Machine: 0x8664 - amd64 3718.38f8: Timestamp: 0x59deb541 3718.38f8: Image Version: 6.1 3718.38f8: SizeOfImage: 0xf000 (61440) 3718.38f8: Resource Dir: 0xb000 LB 0x2fa8 3718.38f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x0)] 3718.38f8: [Raw version resource data: 0xb0a0 LB 0x33c, codepage 0x0 (reserved 0x0)] 3718.38f8: ProductName: PowerBroker for Windows 3718.38f8: ProductVersion: 7.3.1.0 3718.38f8: FileVersion: 7.3.1.0 3718.38f8: FileDescription: PowerBroker for Windows 3718.38f8: \SystemRoot\System32\privman64.dll: 3718.38f8: CreationTime: 2017-10-11T20:32:50.000000000Z 3718.38f8: LastWriteTime: 2017-10-11T20:32:50.000000000Z 3718.38f8: ChangeTime: 2017-11-20T09:31:19.913099000Z 3718.38f8: FileAttributes: 0x20 3718.38f8: Size: 0x39340 3718.38f8: NT Headers: 0xf8 3718.38f8: Timestamp: 0x59deb4c7 3718.38f8: Machine: 0x8664 - amd64 3718.38f8: Timestamp: 0x59deb4c7 3718.38f8: Image Version: 0.0 3718.38f8: SizeOfImage: 0x3b000 (241664) 3718.38f8: Resource Dir: 0x39000 LB 0x578 3718.38f8: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x0)] 3718.38f8: [Raw version resource data: 0x390a0 LB 0x37c, codepage 0x4e4 (reserved 0x0)] 3718.38f8: ProductName: PowerBroker for Windows 3718.38f8: ProductVersion: 7.3.1.0 3718.38f8: FileVersion: 7.3.1.0 3718.38f8: FileDescription: BeyondTrust PowerBroker for Windows DLL 3718.38f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 3718.38f8: Calling main() 3718.38f8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 3718.38f8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 3718.38f8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 3718.38f8: SUPR3HardenedMain: Respawn #2 3718.38f8: Error (rc=-5640): 3718.38f8: More than one thread in process 3718.38f8: Error -5640 in supR3HardenedWinReSpawn! (enmWhat=1) 3718.38f8: More than one thread in process 3718.38f8: supR3HardNtEnableThreadCreation: 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'combase.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\glu32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume1\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mpr.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mpr.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'shlwapi.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'comctl32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'shell32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\winspool.drv) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcp_win.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmmbase.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmmbase.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\glu32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winspool.drv [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmmbase.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffb8b120000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffb87960000 LB 0x000f7000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffb8ad10000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\glu32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffb88000000 LB 0x00123000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 000000005f560000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 000000005f4c0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb5960000 LB 0x0006a000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffb7e620000 LB 0x00595000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb7ac0000 LB 0x00138000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffba9870000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 000000005ef50000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffb7e020000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 000000005d950000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb3c00000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\bcrypt.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbab660000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winspool.drv [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffb8fa60000 LB 0x000ac000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\COMCTL32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb5860000 LB 0x000fa000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffb98150000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 000000005eef0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00000000031f0000 LB 0x0009c000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb7950000 LB 0x000bf000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb2620000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmmbase.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb2650000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffb740b0000 LB 0x009cf000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb5a80000 'C:\WINDOWS\System32\imm32.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb59d0000 'C:\WINDOWS\System32\kernel32.dll' 3718.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4a90000 'api-ms-win-core-string-l1-1-0' 3718.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4a90000 'api-ms-win-core-datetime-l1-1-1' 3718.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4a90000 'api-ms-win-core-localization-obsolete-l1-2-0' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb7840000 'C:\WINDOWS\System32\ADVAPI32.DLL' 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb3b10000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb740b0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffb827e0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb827e0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb2860000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb2860000 'C:\WINDOWS\system32\uxtheme.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb5640000 'C:\WINDOWS\system32\user32.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb60c0000 'C:\WINDOWS\system32\shell32.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\SHCore.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4db0000 'C:\WINDOWS\system32\SHCore.dll' 3718.38f8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll' 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'win32u.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb2030000 LB 0x00026000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb2650000 'C:\WINDOWS\system32\winmm.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb2650000 'C:\WINDOWS\system32\winmm.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb60c0000 'C:\WINDOWS\system32\shell32.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb2860000 'C:\WINDOWS\system32\uxtheme.dll' 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb7800000 'C:\WINDOWS\system32\gdi32.dll' 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb75d0000 LB 0x0015a000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'imm32.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msctf.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb5ab0000 'C:\WINDOWS\System32\rpcrt4.dll' 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb7a10000 LB 0x0009f000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\DataExchange.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\DataExchange.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume1\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dcomp.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dcomp.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume1\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'win32u.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\d3d11.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\d3d11.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume1\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\SHCore.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dxgi.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dxgi.dll 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\DataExchange.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\d3d11.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dcomp.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dxgi.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb30e0000 LB 0x0009f000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dxgi.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbaf230000 LB 0x002b6000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\d3d11.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb1e30000 LB 0x00151000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dcomp.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffb88130000 LB 0x00049000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\DataExchange.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb88130000 'C:\WINDOWS\system32\dataexchange.dll' 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'. 3718.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'. 3718.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\twinapi.appcore.dll) 3718.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\twinapi.appcore.dll 3718.38f8: supR3HardenedDllNotificationCallback: load 00007ffbb2b40000 LB 0x0011c000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\twinapi.appcore.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3718.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3718.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3718.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb75d0000 'C:\WINDOWS\System32\MSCTF.dll'