2c64.2c10: Log file opened: 5.2.8r121009 g_hStartupLog=00000000000001c0 g_uNtVerCombined=0xa03fab00 2c64.2c10: \SystemRoot\System32\ntdll.dll: 2c64.2c10: CreationTime: 2017-09-29T13:41:43.343111100Z 2c64.2c10: LastWriteTime: 2017-09-29T13:41:43.358737200Z 2c64.2c10: ChangeTime: 2018-07-12T10:30:05.494279700Z 2c64.2c10: FileAttributes: 0x20 2c64.2c10: Size: 0x1dd100 2c64.2c10: NT Headers: 0xe0 2c64.2c10: Timestamp: 0x493793ea 2c64.2c10: Machine: 0x8664 - amd64 2c64.2c10: Timestamp: 0x493793ea 2c64.2c10: Image Version: 10.0 2c64.2c10: SizeOfImage: 0x1e0000 (1966080) 2c64.2c10: Resource Dir: 0x174000 LB 0x6a1d8 2c64.2c10: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2c64.2c10: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 2c64.2c10: ProductName: Microsoft® Windows® Operating System 2c64.2c10: ProductVersion: 10.0.16299.15 2c64.2c10: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 2c64.2c10: FileDescription: NT Layer DLL 2c64.2c10: \SystemRoot\System32\kernel32.dll: 2c64.2c10: CreationTime: 2017-09-29T13:42:04.954227600Z 2c64.2c10: LastWriteTime: 2017-09-29T13:42:04.954227600Z 2c64.2c10: ChangeTime: 2018-07-12T10:40:40.651114600Z 2c64.2c10: FileAttributes: 0x20 2c64.2c10: Size: 0xab868 2c64.2c10: NT Headers: 0xe8 2c64.2c10: Timestamp: 0xc2cf900 2c64.2c10: Machine: 0x8664 - amd64 2c64.2c10: Timestamp: 0xc2cf900 2c64.2c10: Image Version: 10.0 2c64.2c10: SizeOfImage: 0xae000 (712704) 2c64.2c10: Resource Dir: 0xac000 LB 0x520 2c64.2c10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2c64.2c10: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 2c64.2c10: ProductName: Microsoft® Windows® Operating System 2c64.2c10: ProductVersion: 10.0.16299.15 2c64.2c10: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 2c64.2c10: FileDescription: Windows NT BASE API Client DLL 2c64.2c10: \SystemRoot\System32\KernelBase.dll: 2c64.2c10: CreationTime: 2017-09-29T13:41:43.124345500Z 2c64.2c10: LastWriteTime: 2017-09-29T13:41:43.124345500Z 2c64.2c10: ChangeTime: 2018-07-12T10:40:40.841477200Z 2c64.2c10: FileAttributes: 0x20 2c64.2c10: Size: 0x266000 2c64.2c10: NT Headers: 0xf0 2c64.2c10: Timestamp: 0x4736733c 2c64.2c10: Machine: 0x8664 - amd64 2c64.2c10: Timestamp: 0x4736733c 2c64.2c10: Image Version: 10.0 2c64.2c10: SizeOfImage: 0x266000 (2514944) 2c64.2c10: Resource Dir: 0x245000 LB 0x548 2c64.2c10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2c64.2c10: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 2c64.2c10: ProductName: Microsoft® Windows® Operating System 2c64.2c10: ProductVersion: 10.0.16299.15 2c64.2c10: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 2c64.2c10: FileDescription: Windows NT BASE API Client DLL 2c64.2c10: \SystemRoot\System32\apisetschema.dll: 2c64.2c10: CreationTime: 2017-09-29T13:42:07.095026600Z 2c64.2c10: LastWriteTime: 2017-09-29T13:42:07.095026600Z 2c64.2c10: ChangeTime: 2018-07-25T09:13:31.774798400Z 2c64.2c10: FileAttributes: 0x20 2c64.2c10: Size: 0x1b398 2c64.2c10: NT Headers: 0xc8 2c64.2c10: Timestamp: 0xf30abf31 2c64.2c10: Machine: 0x8664 - amd64 2c64.2c10: Timestamp: 0xf30abf31 2c64.2c10: Image Version: 10.0 2c64.2c10: SizeOfImage: 0x1c000 (114688) 2c64.2c10: Resource Dir: 0x1b000 LB 0x408 2c64.2c10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2c64.2c10: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 2c64.2c10: ProductName: Microsoft® Windows® Operating System 2c64.2c10: ProductVersion: 10.0.16299.15 2c64.2c10: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 2c64.2c10: FileDescription: ApiSet Schema DLL 2c64.2c10: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2c64.2c10: supR3HardenedWinFindAdversaries: 0x20 2c64.2c10: \SystemRoot\System32\drivers\mfeavfk.sys: 2c64.2c10: CreationTime: 2018-07-12T10:46:36.741806000Z 2c64.2c10: LastWriteTime: 2018-07-12T10:56:21.599804700Z 2c64.2c10: ChangeTime: 2018-07-12T10:56:21.599804700Z 2c64.2c10: FileAttributes: 0x20 2c64.2c10: Size: 0x585a0 2c64.2c10: NT Headers: 0xe8 2c64.2c10: Timestamp: 0x5adeb689 2c64.2c10: Machine: 0x8664 - amd64 2c64.2c10: Timestamp: 0x5adeb689 2c64.2c10: Image Version: 0.0 2c64.2c10: SizeOfImage: 0x58000 (360448) 2c64.2c10: Resource Dir: 0x56000 LB 0x758 2c64.2c10: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2c64.2c10: [Raw version resource data: 0x56110 LB 0x334, codepage 0x0 (reserved 0x0)] 2c64.2c10: ProductName: SYSCORE 2c64.2c10: ProductVersion: 18.5.0.131 2c64.2c10: FileVersion: SYSCORE.18.5.0.131 2c64.2c10: PrivateBuild: SYSCORE.18.5.0.131 F15,F16,F19 2c64.2c10: FileDescription: Anti-Virus File System Filter Driver 2c64.2c10: \SystemRoot\System32\drivers\mfefirek.sys: 2c64.2c10: CreationTime: 2018-07-12T10:46:36.788679500Z 2c64.2c10: LastWriteTime: 2018-07-12T10:56:21.646463400Z 2c64.2c10: ChangeTime: 2018-07-12T10:56:34.492432800Z 2c64.2c10: FileAttributes: 0x20 2c64.2c10: Size: 0x823a0 2c64.2c10: NT Headers: 0xf0 2c64.2c10: Timestamp: 0x5adeb72d 2c64.2c10: Machine: 0x8664 - amd64 2c64.2c10: Timestamp: 0x5adeb72d 2c64.2c10: Image Version: 0.0 2c64.2c10: SizeOfImage: 0x84000 (540672) 2c64.2c10: Resource Dir: 0x80000 LB 0x388 2c64.2c10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2c64.2c10: [Raw version resource data: 0x80060 LB 0x328, codepage 0x0 (reserved 0x0)] 2c64.2c10: ProductName: SYSCORE 2c64.2c10: ProductVersion: 18.5.0.131 2c64.2c10: FileVersion: SYSCORE.18.5.0.131 2c64.2c10: PrivateBuild: SYSCORE.18.5.0.131 F17,F18 2c64.2c10: FileDescription: McAfee Core Firewall Engine Driver 2c64.2c10: \SystemRoot\System32\drivers\mfehidk.sys: 2c64.2c10: CreationTime: 2018-07-12T10:46:36.694918500Z 2c64.2c10: LastWriteTime: 2018-07-12T10:56:21.553144900Z 2c64.2c10: ChangeTime: 2018-07-12T10:56:21.553144900Z 2c64.2c10: FileAttributes: 0x20 2c64.2c10: Size: 0xe91a0 2c64.2c10: NT Headers: 0x100 2c64.2c10: Timestamp: 0x5adeb60f 2c64.2c10: Machine: 0x8664 - amd64 2c64.2c10: Timestamp: 0x5adeb60f 2c64.2c10: Image Version: 0.0 2c64.2c10: SizeOfImage: 0xf2000 (991232) 2c64.2c10: Resource Dir: 0xee000 LB 0x758 2c64.2c10: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2c64.2c10: [Raw version resource data: 0xee110 LB 0x320, codepage 0x0 (reserved 0x0)] 2c64.2c10: ProductName: SYSCORE 2c64.2c10: ProductVersion: 18.5.0.131 2c64.2c10: FileVersion: SYSCORE.18.5.0.131 2c64.2c10: PrivateBuild: SYSCORE.18.5.0.131 F14,F15,F16,F18,F20 2c64.2c10: FileDescription: McAfee Link Driver 2c64.2c10: \SystemRoot\System32\drivers\mfencbdc.sys: 2c64.2c10: CreationTime: 2018-05-03T08:03:30.000000000Z 2c64.2c10: LastWriteTime: 2018-05-03T08:03:30.000000000Z 2c64.2c10: ChangeTime: 2018-07-12T11:02:39.900398000Z 2c64.2c10: FileAttributes: 0x20 2c64.2c10: Size: 0x86590 2c64.2c10: NT Headers: 0xe0 2c64.2c10: Timestamp: 0x5ae0c367 2c64.2c10: Machine: 0x8664 - amd64 2c64.2c10: Timestamp: 0x5ae0c367 2c64.2c10: Image Version: 0.0 2c64.2c10: SizeOfImage: 0x8a000 (565248) 2c64.2c10: Resource Dir: 0x88000 LB 0x3e0 2c64.2c10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2c64.2c10: [Raw version resource data: 0x88060 LB 0x380, codepage 0x0 (reserved 0x0)] 2c64.2c10: ProductName: Anti-Malware Core 2c64.2c10: ProductVersion: 18.5.0 2c64.2c10: FileVersion: Anti-Malware Core.18.5.0.287.x64 2c64.2c10: PrivateBuild: Anti-Malware Core.18.5.0.287.x64 2c64.2c10: FileDescription: Event Driver 2c64.2c10: \SystemRoot\System32\drivers\mfewfpk.sys: 2c64.2c10: CreationTime: 2018-07-12T10:46:36.710551900Z 2c64.2c10: LastWriteTime: 2018-07-12T10:56:21.553144900Z 2c64.2c10: ChangeTime: 2018-07-12T10:56:34.160160500Z 2c64.2c10: FileAttributes: 0x20 2c64.2c10: Size: 0x3dba0 2c64.2c10: NT Headers: 0x100 2c64.2c10: Timestamp: 0x5adeb629 2c64.2c10: Machine: 0x8664 - amd64 2c64.2c10: Timestamp: 0x5adeb629 2c64.2c10: Image Version: 0.0 2c64.2c10: SizeOfImage: 0x59000 (364544) 2c64.2c10: Resource Dir: 0x57000 LB 0x380 2c64.2c10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2c64.2c10: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)] 2c64.2c10: ProductName: SYSCORE 2c64.2c10: ProductVersion: 18.5.0.131 2c64.2c10: FileVersion: SYSCORE.18.5.0.131 2c64.2c10: PrivateBuild: SYSCORE.18.5.0.131 F17,F18 2c64.2c10: FileDescription: Anti-Virus Mini-Firewall Driver 2c64.2c10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2c64.2c10: Calling main() 2c64.2c10: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 2c64.2c10: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2c64.2c10: SUPR3HardenedMain: Respawn #1 2c64.2c10: System32: \Device\HarddiskVolume3\Windows\System32 2c64.2c10: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 2c64.2c10: KnownDllPath: C:\WINDOWS\System32 2c64.2c10: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2c64.2c10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 2c64.2c10: supR3HardNtEnableThreadCreation: 2c64.2c10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9a36b91b0 pvNtTerminateThread=00007ff9a36e0890 2c64.2c10: supR3HardenedWinDoReSpawn(1): New child 3cac.325c [kernel32]. 2c64.2c10: supR3HardNtChildGatherData: PebBaseAddress=0000000000ec6000 cbPeb=0x388 2c64.2c10: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9a3640000 uNtDllChildAddr=00007ff9a3640000 2c64.2c10: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9a36b91b0 2c64.2c10: supR3HardenedWinSetupChildInit: Start child. 2c64.2c10: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 2c64.2c10: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps 2c64.2c10: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 2c64.2c10: *0000000000000000-0000000000d0ffff 0x0001/0x0000 0x0000000 2c64.2c10: *0000000000d10000-0000000000d2ffff 0x0004/0x0004 0x0020000 2c64.2c10: *0000000000d30000-0000000000d48fff 0x0002/0x0002 0x0040000 2c64.2c10: 0000000000d49000-0000000000d4ffff 0x0001/0x0000 0x0000000 2c64.2c10: *0000000000d50000-0000000000d53fff 0x0002/0x0002 0x0040000 2c64.2c10: 0000000000d54000-0000000000d5ffff 0x0001/0x0000 0x0000000 2c64.2c10: *0000000000d60000-0000000000d60fff 0x0004/0x0004 0x0020000 2c64.2c10: 0000000000d61000-0000000000dfffff 0x0001/0x0000 0x0000000 2c64.2c10: *0000000000e00000-0000000000ec5fff 0x0000/0x0004 0x0020000 2c64.2c10: 0000000000ec6000-0000000000ec8fff 0x0004/0x0004 0x0020000 2c64.2c10: 0000000000ec9000-0000000000ffffff 0x0000/0x0004 0x0020000 2c64.2c10: *0000000001000000-00000000010fafff 0x0000/0x0004 0x0020000 2c64.2c10: 00000000010fb000-00000000010fdfff 0x0104/0x0004 0x0020000 2c64.2c10: 00000000010fe000-00000000010fffff 0x0004/0x0004 0x0020000 2c64.2c10: 0000000001100000-000000007ffdffff 0x0001/0x0000 0x0000000 2c64.2c10: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 2c64.2c10: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 2c64.2c10: 000000007fff0000-00007ff7c63cffff 0x0001/0x0000 0x0000000 2c64.2c10: *00007ff7c63d0000-00007ff7c63f2fff 0x0002/0x0002 0x0040000 2c64.2c10: 00007ff7c63f3000-00007ff7c69effff 0x0001/0x0000 0x0000000 2c64.2c10: *00007ff7c69f0000-00007ff7c69f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2c64.2c10: 00007ff7c69f1000-00007ff7c6a61fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2c64.2c10: 00007ff7c6a62000-00007ff7c6a62fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2c64.2c10: 00007ff7c6a63000-00007ff7c6aa8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2c64.2c10: 00007ff7c6aa9000-00007ff7c6aa9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2c64.2c10: 00007ff7c6aaa000-00007ff7c6aaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2c64.2c10: 00007ff7c6aab000-00007ff7c6aaffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2c64.2c10: 00007ff7c6ab0000-00007ff7c6ab0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2c64.2c10: 00007ff7c6ab1000-00007ff7c6ab1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2c64.2c10: 00007ff7c6ab2000-00007ff7c6ab5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2c64.2c10: 00007ff7c6ab6000-00007ff7c6afdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2c64.2c10: 00007ff7c6afe000-00007ff9a363ffff 0x0001/0x0000 0x0000000 2c64.2c10: *00007ff9a3640000-00007ff9a3640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2c64.2c10: 00007ff9a3641000-00007ff9a3752fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2c64.2c10: 00007ff9a3753000-00007ff9a3798fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2c64.2c10: 00007ff9a3799000-00007ff9a379efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2c64.2c10: 00007ff9a379f000-00007ff9a379ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2c64.2c10: 00007ff9a37a0000-00007ff9a37a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2c64.2c10: 00007ff9a37a1000-00007ff9a37aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2c64.2c10: 00007ff9a37af000-00007ff9a37affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2c64.2c10: 00007ff9a37b0000-00007ff9a37b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2c64.2c10: 00007ff9a37b3000-00007ff9a381ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2c64.2c10: 00007ff9a3820000-00007ffffffdffff 0x0001/0x0000 0x0000000 2c64.2c10: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 2c64.2c10: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS) 2c64.2c10: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2c64.2c10: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 2c64.2c10: supR3HardNtChildPurify: Done after 545 ms and 0 fixes (loop #0). 2c64.2c10: supR3HardNtEnableThreadCreation: 3cac.325c: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00 3cac.325c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9a3640000 g_uNtVerCombined=0xa03fab00 3cac.325c: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS) 3cac.325c: New simple heap: #1 0000000001200000 LB 0x400000 (for 1966080 allocation) 3cac.325c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 3cac.325c: System32: \Device\HarddiskVolume3\Windows\System32 3cac.325c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 3cac.325c: KnownDllPath: C:\WINDOWS\System32 3cac.325c: supR3HardenedVmProcessInit: Opening vboxdrv stub... 3cac.325c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 3cac.325c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 3cac.325c: Registered Dll notification callback with NTDLL. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99fcd0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a0b10000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\KERNEL32.DLL' 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff7c69f0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 3cac.325c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'ws2_32.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3cac.325c: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3cac.325c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1fb0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a0bc0000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a0d00000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1b30000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99ff40000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99fc80000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0] 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a0040000 LB 0x00072000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0] 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1ca0000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1bf0000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99fa40000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0] 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a0870000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1670000 LB 0x0018e000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99fae0000 LB 0x00191000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'win32u.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a3570000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a11b0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99f9b0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99f9f0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99f990000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0] 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a00c0000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0] 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a2120000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a35a0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1be0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99ef90000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005e000 C:\WINDOWS\System32\QIPCAP64.dll [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-synch-l1-2-0' 3cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-fibers-l1-1-1' 3cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-fibers-l1-1-1' 3cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-synch-l1-2-0' 3cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-l1-2-1' 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\kernel32.dll' 3cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-string-l1-1-0' 3cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-datetime-l1-1-1' 3cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-obsolete-l1-2-0' 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 3cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'. 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a18a0000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a18a0000 'C:\WINDOWS\system32\IMM32.DLL' 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 3cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99ef50000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 3cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\WINDOWS\System32\QIPCAP64.dll' 3cac.325c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9a36b91b0 pvNtTerminateThread=00007ff9a36e0890 2c64.2c10: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 913 ms. 3cac.325c: \SystemRoot\System32\ntdll.dll: 3cac.325c: CreationTime: 2017-09-29T13:41:43.343111100Z 3cac.325c: LastWriteTime: 2017-09-29T13:41:43.358737200Z 3cac.325c: ChangeTime: 2018-07-12T10:30:05.494279700Z 3cac.325c: FileAttributes: 0x20 3cac.325c: Size: 0x1dd100 3cac.325c: NT Headers: 0xe0 3cac.325c: Timestamp: 0x493793ea 3cac.325c: Machine: 0x8664 - amd64 3cac.325c: Timestamp: 0x493793ea 3cac.325c: Image Version: 10.0 3cac.325c: SizeOfImage: 0x1e0000 (1966080) 3cac.325c: Resource Dir: 0x174000 LB 0x6a1d8 3cac.325c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 3cac.325c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 3cac.325c: ProductName: Microsoft® Windows® Operating System 3cac.325c: ProductVersion: 10.0.16299.15 3cac.325c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 3cac.325c: FileDescription: NT Layer DLL 3cac.325c: \SystemRoot\System32\kernel32.dll: 3cac.325c: CreationTime: 2017-09-29T13:42:04.954227600Z 3cac.325c: LastWriteTime: 2017-09-29T13:42:04.954227600Z 3cac.325c: ChangeTime: 2018-07-12T10:40:40.651114600Z 3cac.325c: FileAttributes: 0x20 3cac.325c: Size: 0xab868 3cac.325c: NT Headers: 0xe8 3cac.325c: Timestamp: 0xc2cf900 3cac.325c: Machine: 0x8664 - amd64 3cac.325c: Timestamp: 0xc2cf900 3cac.325c: Image Version: 10.0 3cac.325c: SizeOfImage: 0xae000 (712704) 3cac.325c: Resource Dir: 0xac000 LB 0x520 3cac.325c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3cac.325c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 3cac.325c: ProductName: Microsoft® Windows® Operating System 3cac.325c: ProductVersion: 10.0.16299.15 3cac.325c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 3cac.325c: FileDescription: Windows NT BASE API Client DLL 3cac.325c: \SystemRoot\System32\KernelBase.dll: 3cac.325c: CreationTime: 2017-09-29T13:41:43.124345500Z 3cac.325c: LastWriteTime: 2017-09-29T13:41:43.124345500Z 3cac.325c: ChangeTime: 2018-07-12T10:40:40.841477200Z 3cac.325c: FileAttributes: 0x20 3cac.325c: Size: 0x266000 3cac.325c: NT Headers: 0xf0 3cac.325c: Timestamp: 0x4736733c 3cac.325c: Machine: 0x8664 - amd64 3cac.325c: Timestamp: 0x4736733c 3cac.325c: Image Version: 10.0 3cac.325c: SizeOfImage: 0x266000 (2514944) 3cac.325c: Resource Dir: 0x245000 LB 0x548 3cac.325c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3cac.325c: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 3cac.325c: ProductName: Microsoft® Windows® Operating System 3cac.325c: ProductVersion: 10.0.16299.15 3cac.325c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 3cac.325c: FileDescription: Windows NT BASE API Client DLL 3cac.325c: \SystemRoot\System32\apisetschema.dll: 3cac.325c: CreationTime: 2017-09-29T13:42:07.095026600Z 3cac.325c: LastWriteTime: 2017-09-29T13:42:07.095026600Z 3cac.325c: ChangeTime: 2018-07-25T09:13:31.774798400Z 3cac.325c: FileAttributes: 0x20 3cac.325c: Size: 0x1b398 3cac.325c: NT Headers: 0xc8 3cac.325c: Timestamp: 0xf30abf31 3cac.325c: Machine: 0x8664 - amd64 3cac.325c: Timestamp: 0xf30abf31 3cac.325c: Image Version: 10.0 3cac.325c: SizeOfImage: 0x1c000 (114688) 3cac.325c: Resource Dir: 0x1b000 LB 0x408 3cac.325c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3cac.325c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 3cac.325c: ProductName: Microsoft® Windows® Operating System 3cac.325c: ProductVersion: 10.0.16299.15 3cac.325c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 3cac.325c: FileDescription: ApiSet Schema DLL 3cac.325c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 3cac.325c: supR3HardenedWinFindAdversaries: 0x20 3cac.325c: \SystemRoot\System32\drivers\mfeavfk.sys: 3cac.325c: CreationTime: 2018-07-12T10:46:36.741806000Z 3cac.325c: LastWriteTime: 2018-07-12T10:56:21.599804700Z 3cac.325c: ChangeTime: 2018-07-12T10:56:21.599804700Z 3cac.325c: FileAttributes: 0x20 3cac.325c: Size: 0x585a0 3cac.325c: NT Headers: 0xe8 3cac.325c: Timestamp: 0x5adeb689 3cac.325c: Machine: 0x8664 - amd64 3cac.325c: Timestamp: 0x5adeb689 3cac.325c: Image Version: 0.0 3cac.325c: SizeOfImage: 0x58000 (360448) 3cac.325c: Resource Dir: 0x56000 LB 0x758 3cac.325c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 3cac.325c: [Raw version resource data: 0x56110 LB 0x334, codepage 0x0 (reserved 0x0)] 3cac.325c: ProductName: SYSCORE 3cac.325c: ProductVersion: 18.5.0.131 3cac.325c: FileVersion: SYSCORE.18.5.0.131 3cac.325c: PrivateBuild: SYSCORE.18.5.0.131 F15,F16,F19 3cac.325c: FileDescription: Anti-Virus File System Filter Driver 3cac.325c: \SystemRoot\System32\drivers\mfefirek.sys: 3cac.325c: CreationTime: 2018-07-12T10:46:36.788679500Z 3cac.325c: LastWriteTime: 2018-07-12T10:56:21.646463400Z 3cac.325c: ChangeTime: 2018-07-12T10:56:34.492432800Z 3cac.325c: FileAttributes: 0x20 3cac.325c: Size: 0x823a0 3cac.325c: NT Headers: 0xf0 3cac.325c: Timestamp: 0x5adeb72d 3cac.325c: Machine: 0x8664 - amd64 3cac.325c: Timestamp: 0x5adeb72d 3cac.325c: Image Version: 0.0 3cac.325c: SizeOfImage: 0x84000 (540672) 3cac.325c: Resource Dir: 0x80000 LB 0x388 3cac.325c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3cac.325c: [Raw version resource data: 0x80060 LB 0x328, codepage 0x0 (reserved 0x0)] 3cac.325c: ProductName: SYSCORE 3cac.325c: ProductVersion: 18.5.0.131 3cac.325c: FileVersion: SYSCORE.18.5.0.131 3cac.325c: PrivateBuild: SYSCORE.18.5.0.131 F17,F18 3cac.325c: FileDescription: McAfee Core Firewall Engine Driver 3cac.325c: \SystemRoot\System32\drivers\mfehidk.sys: 3cac.325c: CreationTime: 2018-07-12T10:46:36.694918500Z 3cac.325c: LastWriteTime: 2018-07-12T10:56:21.553144900Z 3cac.325c: ChangeTime: 2018-07-12T10:56:21.553144900Z 3cac.325c: FileAttributes: 0x20 3cac.325c: Size: 0xe91a0 3cac.325c: NT Headers: 0x100 3cac.325c: Timestamp: 0x5adeb60f 3cac.325c: Machine: 0x8664 - amd64 3cac.325c: Timestamp: 0x5adeb60f 3cac.325c: Image Version: 0.0 3cac.325c: SizeOfImage: 0xf2000 (991232) 3cac.325c: Resource Dir: 0xee000 LB 0x758 3cac.325c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 3cac.325c: [Raw version resource data: 0xee110 LB 0x320, codepage 0x0 (reserved 0x0)] 3cac.325c: ProductName: SYSCORE 3cac.325c: ProductVersion: 18.5.0.131 3cac.325c: FileVersion: SYSCORE.18.5.0.131 3cac.325c: PrivateBuild: SYSCORE.18.5.0.131 F14,F15,F16,F18,F20 3cac.325c: FileDescription: McAfee Link Driver 3cac.325c: \SystemRoot\System32\drivers\mfencbdc.sys: 3cac.325c: CreationTime: 2018-05-03T08:03:30.000000000Z 3cac.325c: LastWriteTime: 2018-05-03T08:03:30.000000000Z 3cac.325c: ChangeTime: 2018-07-12T11:02:39.900398000Z 3cac.325c: FileAttributes: 0x20 3cac.325c: Size: 0x86590 3cac.325c: NT Headers: 0xe0 3cac.325c: Timestamp: 0x5ae0c367 3cac.325c: Machine: 0x8664 - amd64 3cac.325c: Timestamp: 0x5ae0c367 3cac.325c: Image Version: 0.0 3cac.325c: SizeOfImage: 0x8a000 (565248) 3cac.325c: Resource Dir: 0x88000 LB 0x3e0 3cac.325c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3cac.325c: [Raw version resource data: 0x88060 LB 0x380, codepage 0x0 (reserved 0x0)] 3cac.325c: ProductName: Anti-Malware Core 3cac.325c: ProductVersion: 18.5.0 3cac.325c: FileVersion: Anti-Malware Core.18.5.0.287.x64 3cac.325c: PrivateBuild: Anti-Malware Core.18.5.0.287.x64 3cac.325c: FileDescription: Event Driver 3cac.325c: \SystemRoot\System32\drivers\mfewfpk.sys: 3cac.325c: CreationTime: 2018-07-12T10:46:36.710551900Z 3cac.325c: LastWriteTime: 2018-07-12T10:56:21.553144900Z 3cac.325c: ChangeTime: 2018-07-12T10:56:34.160160500Z 3cac.325c: FileAttributes: 0x20 3cac.325c: Size: 0x3dba0 3cac.325c: NT Headers: 0x100 3cac.325c: Timestamp: 0x5adeb629 3cac.325c: Machine: 0x8664 - amd64 3cac.325c: Timestamp: 0x5adeb629 3cac.325c: Image Version: 0.0 3cac.325c: SizeOfImage: 0x59000 (364544) 3cac.325c: Resource Dir: 0x57000 LB 0x380 3cac.325c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3cac.325c: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)] 3cac.325c: ProductName: SYSCORE 3cac.325c: ProductVersion: 18.5.0.131 3cac.325c: FileVersion: SYSCORE.18.5.0.131 3cac.325c: PrivateBuild: SYSCORE.18.5.0.131 F17,F18 3cac.325c: FileDescription: Anti-Virus Mini-Firewall Driver 3cac.325c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 3cac.325c: Calling main() 3cac.325c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 3cac.325c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 3cac.325c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 3cac.325c: SUPR3HardenedMain: Respawn #2 3cac.325c: supR3HardNtEnableThreadCreation: 3cac.325c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 3cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) 3cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll 3cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a3640000 'C:\WINDOWS\System32\ntdll.dll' 3cac.325c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9a36b91b0 pvNtTerminateThread=00007ff9a36e0890 3cac.325c: supR3HardenedWinDoReSpawn(2): New child 24e4.25a8 [kernel32]. 3cac.325c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 3cac.325c: supR3HardNtChildGatherData: PebBaseAddress=00000000007b8000 cbPeb=0x388 3cac.325c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9a3640000 uNtDllChildAddr=00007ff9a3640000 3cac.325c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9a36b91b0 3cac.325c: supR3HardenedWinSetupChildInit: Start child. 3cac.325c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 3cac.325c: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps 3cac.325c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 3cac.325c: *0000000000000000-000000000057ffff 0x0001/0x0000 0x0000000 3cac.325c: *0000000000580000-000000000059ffff 0x0004/0x0004 0x0020000 3cac.325c: *00000000005a0000-00000000005b8fff 0x0002/0x0002 0x0040000 3cac.325c: 00000000005b9000-00000000005bffff 0x0001/0x0000 0x0000000 3cac.325c: *00000000005c0000-00000000005c3fff 0x0002/0x0002 0x0040000 3cac.325c: 00000000005c4000-00000000005cffff 0x0001/0x0000 0x0000000 3cac.325c: *00000000005d0000-00000000005d0fff 0x0004/0x0004 0x0020000 3cac.325c: 00000000005d1000-00000000005fffff 0x0001/0x0000 0x0000000 3cac.325c: *0000000000600000-00000000007b7fff 0x0000/0x0004 0x0020000 3cac.325c: 00000000007b8000-00000000007bafff 0x0004/0x0004 0x0020000 3cac.325c: 00000000007bb000-00000000007fffff 0x0000/0x0004 0x0020000 3cac.325c: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000 3cac.325c: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000 3cac.325c: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000 3cac.325c: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000 3cac.325c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 3cac.325c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 3cac.325c: 000000007fff0000-00007ff7c684ffff 0x0001/0x0000 0x0000000 3cac.325c: *00007ff7c6850000-00007ff7c6872fff 0x0002/0x0002 0x0040000 3cac.325c: 00007ff7c6873000-00007ff7c69effff 0x0001/0x0000 0x0000000 3cac.325c: *00007ff7c69f0000-00007ff7c69f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: 00007ff7c69f1000-00007ff7c6a61fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: 00007ff7c6a62000-00007ff7c6a62fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: 00007ff7c6a63000-00007ff7c6aa8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: 00007ff7c6aa9000-00007ff7c6aa9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: 00007ff7c6aaa000-00007ff7c6aaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: 00007ff7c6aab000-00007ff7c6aaffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: 00007ff7c6ab0000-00007ff7c6ab0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: 00007ff7c6ab1000-00007ff7c6ab1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: 00007ff7c6ab2000-00007ff7c6ab5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: 00007ff7c6ab6000-00007ff7c6afdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 3cac.325c: 00007ff7c6afe000-00007ff9a363ffff 0x0001/0x0000 0x0000000 3cac.325c: *00007ff9a3640000-00007ff9a3640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 3cac.325c: 00007ff9a3641000-00007ff9a3752fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 3cac.325c: 00007ff9a3753000-00007ff9a3798fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 3cac.325c: 00007ff9a3799000-00007ff9a37a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 3cac.325c: 00007ff9a37a1000-00007ff9a37aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 3cac.325c: 00007ff9a37af000-00007ff9a37affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 3cac.325c: 00007ff9a37b0000-00007ff9a37b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 3cac.325c: 00007ff9a37b3000-00007ff9a381ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 3cac.325c: 00007ff9a3820000-00007ffffffdffff 0x0001/0x0000 0x0000000 3cac.325c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 3cac.325c: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS) 3cac.325c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 3cac.325c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 3cac.325c: supR3HardNtChildPurify: Done after 542 ms and 0 fixes (loop #0). 3cac.325c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001200000 LB 0x400000) 3cac.325c: supR3HardNtEnableThreadCreation: 24e4.25a8: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00 24e4.25a8: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9a3640000 g_uNtVerCombined=0xa03fab00 24e4.25a8: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS) 24e4.25a8: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1966080 allocation) 24e4.25a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 24e4.25a8: System32: \Device\HarddiskVolume3\Windows\System32 24e4.25a8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 24e4.25a8: KnownDllPath: C:\WINDOWS\System32 24e4.25a8: supR3HardenedVmProcessInit: Opening vboxdrv... 24e4.25a8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 24e4.25a8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 24e4.25a8: Registered Dll notification callback with NTDLL. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99fcd0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0b10000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\KERNEL32.DLL' 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff7c69f0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 24e4.25a8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'ws2_32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 24e4.25a8: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1fb0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0bc0000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0d00000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1b30000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99ff40000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99fc80000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0040000 LB 0x00072000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1ca0000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1bf0000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99fa40000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0870000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1670000 LB 0x0018e000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99fae0000 LB 0x00191000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'win32u.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a3570000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a11b0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f9b0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f9f0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f990000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a00c0000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a2120000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a35a0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1be0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99ef90000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005e000 C:\WINDOWS\System32\QIPCAP64.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-synch-l1-2-0' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-fibers-l1-1-1' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-fibers-l1-1-1' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-synch-l1-2-0' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-l1-2-1' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\kernel32.dll' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-string-l1-1-0' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-datetime-l1-1-1' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-obsolete-l1-2-0' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a18a0000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a18a0000 'C:\WINDOWS\system32\IMM32.DLL' 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99ef50000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\WINDOWS\System32\QIPCAP64.dll' 24e4.25a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9a36b91b0 pvNtTerminateThread=00007ff9a36e0890 3cac.325c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 477 ms. 24e4.25a8: \SystemRoot\System32\ntdll.dll: 24e4.25a8: CreationTime: 2017-09-29T13:41:43.343111100Z 24e4.25a8: LastWriteTime: 2017-09-29T13:41:43.358737200Z 24e4.25a8: ChangeTime: 2018-07-12T10:30:05.494279700Z 24e4.25a8: FileAttributes: 0x20 24e4.25a8: Size: 0x1dd100 24e4.25a8: NT Headers: 0xe0 24e4.25a8: Timestamp: 0x493793ea 24e4.25a8: Machine: 0x8664 - amd64 24e4.25a8: Timestamp: 0x493793ea 24e4.25a8: Image Version: 10.0 24e4.25a8: SizeOfImage: 0x1e0000 (1966080) 24e4.25a8: Resource Dir: 0x174000 LB 0x6a1d8 24e4.25a8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 24e4.25a8: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 24e4.25a8: ProductName: Microsoft® Windows® Operating System 24e4.25a8: ProductVersion: 10.0.16299.15 24e4.25a8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 24e4.25a8: FileDescription: NT Layer DLL 24e4.25a8: \SystemRoot\System32\kernel32.dll: 24e4.25a8: CreationTime: 2017-09-29T13:42:04.954227600Z 24e4.25a8: LastWriteTime: 2017-09-29T13:42:04.954227600Z 24e4.25a8: ChangeTime: 2018-07-12T10:40:40.651114600Z 24e4.25a8: FileAttributes: 0x20 24e4.25a8: Size: 0xab868 24e4.25a8: NT Headers: 0xe8 24e4.25a8: Timestamp: 0xc2cf900 24e4.25a8: Machine: 0x8664 - amd64 24e4.25a8: Timestamp: 0xc2cf900 24e4.25a8: Image Version: 10.0 24e4.25a8: SizeOfImage: 0xae000 (712704) 24e4.25a8: Resource Dir: 0xac000 LB 0x520 24e4.25a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 24e4.25a8: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 24e4.25a8: ProductName: Microsoft® Windows® Operating System 24e4.25a8: ProductVersion: 10.0.16299.15 24e4.25a8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 24e4.25a8: FileDescription: Windows NT BASE API Client DLL 24e4.25a8: \SystemRoot\System32\KernelBase.dll: 24e4.25a8: CreationTime: 2017-09-29T13:41:43.124345500Z 24e4.25a8: LastWriteTime: 2017-09-29T13:41:43.124345500Z 24e4.25a8: ChangeTime: 2018-07-12T10:40:40.841477200Z 24e4.25a8: FileAttributes: 0x20 24e4.25a8: Size: 0x266000 24e4.25a8: NT Headers: 0xf0 24e4.25a8: Timestamp: 0x4736733c 24e4.25a8: Machine: 0x8664 - amd64 24e4.25a8: Timestamp: 0x4736733c 24e4.25a8: Image Version: 10.0 24e4.25a8: SizeOfImage: 0x266000 (2514944) 24e4.25a8: Resource Dir: 0x245000 LB 0x548 24e4.25a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 24e4.25a8: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 24e4.25a8: ProductName: Microsoft® Windows® Operating System 24e4.25a8: ProductVersion: 10.0.16299.15 24e4.25a8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 24e4.25a8: FileDescription: Windows NT BASE API Client DLL 24e4.25a8: \SystemRoot\System32\apisetschema.dll: 24e4.25a8: CreationTime: 2017-09-29T13:42:07.095026600Z 24e4.25a8: LastWriteTime: 2017-09-29T13:42:07.095026600Z 24e4.25a8: ChangeTime: 2018-07-25T09:13:31.774798400Z 24e4.25a8: FileAttributes: 0x20 24e4.25a8: Size: 0x1b398 24e4.25a8: NT Headers: 0xc8 24e4.25a8: Timestamp: 0xf30abf31 24e4.25a8: Machine: 0x8664 - amd64 24e4.25a8: Timestamp: 0xf30abf31 24e4.25a8: Image Version: 10.0 24e4.25a8: SizeOfImage: 0x1c000 (114688) 24e4.25a8: Resource Dir: 0x1b000 LB 0x408 24e4.25a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 24e4.25a8: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 24e4.25a8: ProductName: Microsoft® Windows® Operating System 24e4.25a8: ProductVersion: 10.0.16299.15 24e4.25a8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 24e4.25a8: FileDescription: ApiSet Schema DLL 24e4.25a8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 24e4.25a8: supR3HardenedWinFindAdversaries: 0x20 24e4.25a8: \SystemRoot\System32\drivers\mfeavfk.sys: 24e4.25a8: CreationTime: 2018-07-12T10:46:36.741806000Z 24e4.25a8: LastWriteTime: 2018-07-12T10:56:21.599804700Z 24e4.25a8: ChangeTime: 2018-07-12T10:56:21.599804700Z 24e4.25a8: FileAttributes: 0x20 24e4.25a8: Size: 0x585a0 24e4.25a8: NT Headers: 0xe8 24e4.25a8: Timestamp: 0x5adeb689 24e4.25a8: Machine: 0x8664 - amd64 24e4.25a8: Timestamp: 0x5adeb689 24e4.25a8: Image Version: 0.0 24e4.25a8: SizeOfImage: 0x58000 (360448) 24e4.25a8: Resource Dir: 0x56000 LB 0x758 24e4.25a8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 24e4.25a8: [Raw version resource data: 0x56110 LB 0x334, codepage 0x0 (reserved 0x0)] 24e4.25a8: ProductName: SYSCORE 24e4.25a8: ProductVersion: 18.5.0.131 24e4.25a8: FileVersion: SYSCORE.18.5.0.131 24e4.25a8: PrivateBuild: SYSCORE.18.5.0.131 F15,F16,F19 24e4.25a8: FileDescription: Anti-Virus File System Filter Driver 24e4.25a8: \SystemRoot\System32\drivers\mfefirek.sys: 24e4.25a8: CreationTime: 2018-07-12T10:46:36.788679500Z 24e4.25a8: LastWriteTime: 2018-07-12T10:56:21.646463400Z 24e4.25a8: ChangeTime: 2018-07-12T10:56:34.492432800Z 24e4.25a8: FileAttributes: 0x20 24e4.25a8: Size: 0x823a0 24e4.25a8: NT Headers: 0xf0 24e4.25a8: Timestamp: 0x5adeb72d 24e4.25a8: Machine: 0x8664 - amd64 24e4.25a8: Timestamp: 0x5adeb72d 24e4.25a8: Image Version: 0.0 24e4.25a8: SizeOfImage: 0x84000 (540672) 24e4.25a8: Resource Dir: 0x80000 LB 0x388 24e4.25a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 24e4.25a8: [Raw version resource data: 0x80060 LB 0x328, codepage 0x0 (reserved 0x0)] 24e4.25a8: ProductName: SYSCORE 24e4.25a8: ProductVersion: 18.5.0.131 24e4.25a8: FileVersion: SYSCORE.18.5.0.131 24e4.25a8: PrivateBuild: SYSCORE.18.5.0.131 F17,F18 24e4.25a8: FileDescription: McAfee Core Firewall Engine Driver 24e4.25a8: \SystemRoot\System32\drivers\mfehidk.sys: 24e4.25a8: CreationTime: 2018-07-12T10:46:36.694918500Z 24e4.25a8: LastWriteTime: 2018-07-12T10:56:21.553144900Z 24e4.25a8: ChangeTime: 2018-07-12T10:56:21.553144900Z 24e4.25a8: FileAttributes: 0x20 24e4.25a8: Size: 0xe91a0 24e4.25a8: NT Headers: 0x100 24e4.25a8: Timestamp: 0x5adeb60f 24e4.25a8: Machine: 0x8664 - amd64 24e4.25a8: Timestamp: 0x5adeb60f 24e4.25a8: Image Version: 0.0 24e4.25a8: SizeOfImage: 0xf2000 (991232) 24e4.25a8: Resource Dir: 0xee000 LB 0x758 24e4.25a8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 24e4.25a8: [Raw version resource data: 0xee110 LB 0x320, codepage 0x0 (reserved 0x0)] 24e4.25a8: ProductName: SYSCORE 24e4.25a8: ProductVersion: 18.5.0.131 24e4.25a8: FileVersion: SYSCORE.18.5.0.131 24e4.25a8: PrivateBuild: SYSCORE.18.5.0.131 F14,F15,F16,F18,F20 24e4.25a8: FileDescription: McAfee Link Driver 24e4.25a8: \SystemRoot\System32\drivers\mfencbdc.sys: 24e4.25a8: CreationTime: 2018-05-03T08:03:30.000000000Z 24e4.25a8: LastWriteTime: 2018-05-03T08:03:30.000000000Z 24e4.25a8: ChangeTime: 2018-07-12T11:02:39.900398000Z 24e4.25a8: FileAttributes: 0x20 24e4.25a8: Size: 0x86590 24e4.25a8: NT Headers: 0xe0 24e4.25a8: Timestamp: 0x5ae0c367 24e4.25a8: Machine: 0x8664 - amd64 24e4.25a8: Timestamp: 0x5ae0c367 24e4.25a8: Image Version: 0.0 24e4.25a8: SizeOfImage: 0x8a000 (565248) 24e4.25a8: Resource Dir: 0x88000 LB 0x3e0 24e4.25a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 24e4.25a8: [Raw version resource data: 0x88060 LB 0x380, codepage 0x0 (reserved 0x0)] 24e4.25a8: ProductName: Anti-Malware Core 24e4.25a8: ProductVersion: 18.5.0 24e4.25a8: FileVersion: Anti-Malware Core.18.5.0.287.x64 24e4.25a8: PrivateBuild: Anti-Malware Core.18.5.0.287.x64 24e4.25a8: FileDescription: Event Driver 24e4.25a8: \SystemRoot\System32\drivers\mfewfpk.sys: 24e4.25a8: CreationTime: 2018-07-12T10:46:36.710551900Z 24e4.25a8: LastWriteTime: 2018-07-12T10:56:21.553144900Z 24e4.25a8: ChangeTime: 2018-07-12T10:56:34.160160500Z 24e4.25a8: FileAttributes: 0x20 24e4.25a8: Size: 0x3dba0 24e4.25a8: NT Headers: 0x100 24e4.25a8: Timestamp: 0x5adeb629 24e4.25a8: Machine: 0x8664 - amd64 24e4.25a8: Timestamp: 0x5adeb629 24e4.25a8: Image Version: 0.0 24e4.25a8: SizeOfImage: 0x59000 (364544) 24e4.25a8: Resource Dir: 0x57000 LB 0x380 24e4.25a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 24e4.25a8: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)] 24e4.25a8: ProductName: SYSCORE 24e4.25a8: ProductVersion: 18.5.0.131 24e4.25a8: FileVersion: SYSCORE.18.5.0.131 24e4.25a8: PrivateBuild: SYSCORE.18.5.0.131 F17,F18 24e4.25a8: FileDescription: Anti-Virus Mini-Firewall Driver 24e4.25a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 24e4.25a8: Calling main() 24e4.25a8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 24e4.25a8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 24e4.25a8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 24e4.25a8: SUPR3HardenedMain: Final process, opening VBoxDrv... 24e4.25a8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000) 24e4.25a8: supR3HardNtEnableThreadCreation: 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff994450000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff994450000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff994450000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff994450000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedDllNotificationCallback: load 0000000000a00000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0940000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0810000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\WINDOWS\system32\Wintrust.dll' 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f490000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99f490000 'C:\WINDOWS\system32\bcrypt.dll' 24e4.25a8: bcrypt.dll loaded at 00007ff99f490000, BCryptOpenAlgorithmProvider at 00007ff99f492590, preloading providers: 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0040000 'C:\WINDOWS\system32\bcryptprimitives.dll' 24e4.25a8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000002f8b9d0) 24e4.25a8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000002f8c760) 24e4.25a8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000002f85400) 24e4.25a8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000002f85540) 24e4.25a8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000002f8a370) 24e4.25a8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000002f9d2c0) 24e4.25a8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000002f9d590) 24e4.25a8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000002f8d310) 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f380000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99edd0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f3a0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\kernel32.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\CRYPT32.dll' 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0ce0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0] 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e760000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff990ea0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\Windows\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E2E4DE0C5BD65756637B6F71B7BAE24CF704BFD 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0bc0000 'C:\WINDOWS\System32\rpcrt4.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\SystemRoot\System32\ntdll.dll' 24e4.25a8: g_pfnWinVerifyTrust=00007ff9a0816bc0 24e4.25a8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' 24e4.25a8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A0BC1B38B9F5EE15493A1BB6ABB29D2FFBB4119 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\system32\crypt32.dll' 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xb89fbcc1e1cf9800 DC=org, DC=lhasalimited, CN=lhasalimited-LUKSERVER04-CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3eca5e688d39ca00 OU=Websense Internet Authority, CN=Websense Inc., L=San Diego, C=US 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xe5261e55411ec00 C=US, ST=Texas, L=Austin, O=Forcepoint LLC, CN=Forcepoint Cloud CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: O=McAfee, OU=Orion, CN=LUKSERVER11 24e4.25a8: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, ST=Texas, O=Forcepoint LLC, CN=Forcepoint Cloud OPS CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa4e995d59bb79500 C=US, ST=CA, L=LG, O=Websense, Inc., OU=Websense Endpoint, Email=support@websense.com, CN=Websense Public Primary Certificate Authority, desc=246990743EP@websense.com 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xeac57f72a26cd900 DC=org, DC=lhasalimited, CN=lhasalimited-LUKSERVER04-CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x4c5a41b7554ba200 DC=org, DC=lhasalimited, CN=lhasalimited-LUKPC155-CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xb89fbcc1e1cf9800 DC=org, DC=lhasalimited, CN=lhasalimited-LUKSERVER04-CA 24e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd63d3c838f6c900 CN=lhasalimited-LUKPC213-CA 24e4.25a8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=36 24e4.25a8: SUPR3HardenedMain: Load Runtime... 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 000000006ba60000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 000000006bb40000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9435d0000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 24e4.25a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\WINDOWS\system32\Wintrust.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\system32\crypt32.dll' 24e4.25a8: SUPR3HardenedMain: Load TrustedMain... 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 24e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 24e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'shlwapi.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'comctl32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'shell32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 24e4.25a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 24e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust] 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000564 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F39C902102F30859FF82648A950427FCB81FB124 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.25a8: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\comctl32.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\comctl32.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff990d20000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff991120000 LB 0x0011e000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a19e0000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9949e0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 000000006b4f0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff93f1b0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 000000006af80000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff999480000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff97f430000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\COMCTL32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\comctl32.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a18d0000 LB 0x0010a000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff98c2b0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 000000006af20000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 0000000005720000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff995940000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9956c0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff942bc0000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll 24e4.25a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\comctl32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\comctl32.dll' [rescheduled] 24e4.25a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled] 24e4.25a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'. 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled] 24e4.25a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rescheduled] 24e4.25a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 24e4.25a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 24e4.25a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a18a0000 'C:\WINDOWS\System32\imm32.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1b30000 'C:\WINDOWS\System32\ADVAPI32.DLL' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff942bc0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 24e4.25a8: SUPR3HardenedMain: Calling TrustedMain (00007ff942bc14f0)... 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff94a9e0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a9e0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000688 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB199956403E78CE61C981F6BA97CA632BE55AC 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e060000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99e060000 'C:\WINDOWS\system32\uxtheme.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1670000 'C:\WINDOWS\system32\user32.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1bf0000 'C:\WINDOWS\system32\SHCore.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e130000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\system32\winmm.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\system32\winmm.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99e060000 'C:\WINDOWS\system32\uxtheme.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1b30000 'C:\WINDOWS\system32\advapi32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'profapi.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f890000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99f890000 'C:\WINDOWS\system32\userenv.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\kernel32.dll' 24e4.25a8: supR3HardenedDllNotificationCallback: load 0000000005ce0000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.2040: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll' 24e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 24e4.2040: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 24e4.2040: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 24e4.2040: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 24e4.2040: supR3HardenedDllNotificationCallback: load 00007ff93ec60000 LB 0x00545000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 24e4.2040: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 24e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93ec60000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 24e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 24e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 24e4.2040: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust 24e4.2040: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.2040: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 24e4.2040: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 24e4.2040: supR3HardenedDllNotificationCallback: load 00007ff96ace0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0] 24e4.2040: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 24e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96ace0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll' 24e4.2040: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 24e4.2040: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 24e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000005720000 'C:\Windows\System32\oleaut32.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a3570000 'C:\WINDOWS\system32\gdi32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll' 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a14a0000 LB 0x00167000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e8 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87FA668FC207CB724FFDD342C6B5B8D273E3498D 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'd3d11.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'dcomp.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e800000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99c5c0000 LB 0x002e2000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99cf60000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff977820000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a3570000 'C:\WINDOWS\System32\gdi32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977820000 'C:\WINDOWS\system32\dataexchange.dll' 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcrypt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e180000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e1a0000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'coreuicomponents.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'coremessaging.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcryptprimitives.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll) 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99ea80000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99ce80000 LB 0x000dd000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99b6a0000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9884d0000 LB 0x002ee000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9887c0000 LB 0x00098000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000005720000 'C:\WINDOWS\System32\OLEAUT32.DLL' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1670000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1670000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1ca0000 'api-ms-win-core-com-l1-1-0.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a14a0000 'C:\WINDOWS\System32\MSCTF.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a19e0000 'C:\WINDOWS\System32\ole32.dll' 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000005720000 'C:\WINDOWS\System32\OLEAUT32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE2733DC030E44DCE443886E467FF179D2D68A91 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1200_for_KB4284819~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aec pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA3F9D85214DB0270185C719B931C69440BA9C18 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff998ab0000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff998470000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff998470000 'C:\WINDOWS\system32\wbem\wbemprox.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b1c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C70145BD7347C12AB1BF3946D40606389C4D331 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9978f0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9978f0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-l1-2-0.dll' 24e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b20 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=336CDD3C969CEFC6CE8D502298ED123FE8D2F483 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll' 24e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'. 24e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust 24e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 24e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 24e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9974f0000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0] 24e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9974f0000 'C:\WINDOWS\system32\wbem\fastprox.dll' 24e4.520: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 24e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 24e4.520: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust 24e4.520: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] 24e4.520: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 24e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 24e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 24e4.520: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust 24e4.520: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 24e4.520: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.520: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.520: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 24e4.520: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll 24e4.520: supR3HardenedDllNotificationCallback: load 000000006bd10000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0] 24e4.520: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll 24e4.520: supR3HardenedDllNotificationCallback: load 00007ff96a930000 LB 0x002c9000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] 24e4.520: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 24e4.520: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96a930000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c34 pwszName=\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F30E80B88384D221750DC79ADCE84BDFB8A5A73A 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'oleaut32.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'ws2_32.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'netsetupapi.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'setupapi.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff998510000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff9a0d60000 LB 0x0044e000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff998360000 LB 0x0007d000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff998360000 'C:\Windows\System32\NetSetupShim.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winnsi.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff99bd00000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff97a780000 LB 0x000c1000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97a780000 'C:\Windows\System32\NetSetupEngine.dll' 24e4.3abc: supR3HardenedDllNotificationCallback: Unload 00007ff97a780000 LB 0x000c1000 C:\Windows\System32\NetSetupEngine.dll [flags=0x0] 24e4.3abc: supR3HardenedDllNotificationCallback: Unload 00007ff99bd00000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [flags=0x0] 24e4.3908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.3908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 24e4.3908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 24e4.3908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 24e4.3908: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust 24e4.3908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 24e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 24e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 24e4.3908: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 24e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.3908: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.3908: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 24e4.3908: supR3HardenedDllNotificationCallback: load 00007ff99d980000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] 24e4.3908: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 24e4.3908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99d980000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' 24e4.3908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1670000 'C:\WINDOWS\system32\User32.dll' 24e4.1b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.1b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.1b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 24e4.1b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 24e4.1b04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust 24e4.1b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 24e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 24e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 24e4.1b04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 24e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.1b04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.1b04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 24e4.1b04: supR3HardenedDllNotificationCallback: load 00007ff99d970000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] 24e4.1b04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 24e4.1b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99d970000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' 24e4.898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 24e4.898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 24e4.898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust 24e4.898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 24e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 24e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 24e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 24e4.898: supR3HardenedDllNotificationCallback: load 00007ff99d880000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] 24e4.898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 24e4.898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99d880000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' 24e4.2774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.2774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.2774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 24e4.2774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 24e4.2774: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust 24e4.2774: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 24e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 24e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 24e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.2774: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 24e4.2774: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.2774: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 24e4.2774: supR3HardenedDllNotificationCallback: load 00007ff99d870000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] 24e4.2774: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 24e4.2774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99d870000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\Shell32.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff94a970000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff993790000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff95d3b0000 LB 0x009c3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff95d3b0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93ec60000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993790000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.38b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.38b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 24e4.38b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 24e4.38b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 24e4.38b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust 24e4.38b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 24e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 24e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 24e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 24e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 24e4.38b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 24e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 24e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 24e4.38b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.38b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 24e4.38b4: supR3HardenedDllNotificationCallback: load 00007ff99d550000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] 24e4.38b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 24e4.38b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99d550000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'devobj.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'propsys.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'cfgmgr32.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff99f7a0000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff99b080000 LB 0x001b1000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff9983e0000 LB 0x0006f000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9983e0000 'C:\WINDOWS\System32\MMDevApi.dll' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e7c pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=149E0A5A40CD1471B9EF3D3043A8C754805FEC76 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff9826e0000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9826e0000 'C:\WINDOWS\System32\dsound.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9826e0000 'C:\WINDOWS\System32\dsound.dll' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9826e0000 'C:\WINDOWS\system32\dsound.dll' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9983e0000 'C:\WINDOWS\System32\MMDEVAPI.DLL' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fa0 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47392EB8EC6AC07C788B971D8BB592B6FD619920 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff999510000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff99a470000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff993df0000 LB 0x00042000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff995740000 LB 0x00122000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff995740000 'C:\WINDOWS\System32\AUDIOSES.DLL' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8069FA07F8A743E03BD7E2DA392DE4429701D8E6 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff995f50000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff9960c0000 LB 0x0000c000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff4 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=725292B88FCE45C617EE0258A333B14CA2D7EF04 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll' 24e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 24e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'. 24e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust 24e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 24e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll 24e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff995f40000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0] 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff995f40000 'C:\WINDOWS\System32\midimap.dll' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff995f40000 'C:\WINDOWS\System32\midimap.dll' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff995f40000 'C:\WINDOWS\System32\midimap.dll' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff995f40000 'C:\WINDOWS\System32\midimap.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll' 24e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9826e0000 'C:\WINDOWS\system32\dsound.dll' 24e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll' 24e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll' 24e4.38b4: supR3HardenedDllNotificationCallback: Unload 00007ff99d550000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0] 24e4.2774: supR3HardenedDllNotificationCallback: Unload 00007ff99d870000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0] 24e4.898: supR3HardenedDllNotificationCallback: Unload 00007ff99d880000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0] 24e4.1b04: supR3HardenedDllNotificationCallback: Unload 00007ff99d970000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0] 24e4.3908: supR3HardenedDllNotificationCallback: Unload 00007ff99d980000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0] 24e4.3abc: supR3HardenedDllNotificationCallback: Unload 00007ff95d3b0000 LB 0x009c3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0] 24e4.3abc: supR3HardenedDllNotificationCallback: Unload 00007ff94a970000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0] 24e4.3abc: supR3HardenedDllNotificationCallback: Unload 00007ff993790000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff9978f0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff977820000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff99c5c0000 LB 0x002e2000 C:\WINDOWS\system32\d3d11.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff99e800000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff99cf60000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff99e1a0000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff99e180000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff9974f0000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff96ace0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff998470000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff998ab0000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff93ec60000 LB 0x00545000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff998360000 LB 0x0007d000 C:\Windows\System32\NetSetupShim.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff998510000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [flags=0x0] 24e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff9a0d60000 LB 0x0044e000 C:\WINDOWS\System32\setupapi.dll [flags=0x0] 24e4.25a8: Terminating the normal way: rcExit=0 3cac.325c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 55046 ms, the end); 2c64.2c10: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 56106 ms, the end);