4918.46d4: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa042ee00 4918.46d4: \SystemRoot\System32\ntdll.dll: 4918.46d4: CreationTime: 2018-12-12T16:22:11.967963000Z 4918.46d4: LastWriteTime: 2018-12-08T08:04:53.786979100Z 4918.46d4: ChangeTime: 2018-12-20T17:28:16.091009200Z 4918.46d4: FileAttributes: 0x20 4918.46d4: Size: 0x1da720 4918.46d4: NT Headers: 0xe8 4918.46d4: Timestamp: 0x7e614c22 4918.46d4: Machine: 0x8664 - amd64 4918.46d4: Timestamp: 0x7e614c22 4918.46d4: Image Version: 10.0 4918.46d4: SizeOfImage: 0x1e1000 (1970176) 4918.46d4: Resource Dir: 0x174000 LB 0x6b3e8 4918.46d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 4918.46d4: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 4918.46d4: ProductName: Microsoft® Windows® Operating System 4918.46d4: ProductVersion: 10.0.17134.471 4918.46d4: FileVersion: 10.0.17134.471 (WinBuild.160101.0800) 4918.46d4: FileDescription: NT Layer DLL 4918.46d4: \SystemRoot\System32\kernel32.dll: 4918.46d4: CreationTime: 2018-04-11T23:34:40.510607900Z 4918.46d4: LastWriteTime: 2018-04-11T23:34:40.510607900Z 4918.46d4: ChangeTime: 2018-08-02T10:52:14.292003200Z 4918.46d4: FileAttributes: 0x20 4918.46d4: Size: 0xafef8 4918.46d4: NT Headers: 0xe8 4918.46d4: Timestamp: 0x5f488a51 4918.46d4: Machine: 0x8664 - amd64 4918.46d4: Timestamp: 0x5f488a51 4918.46d4: Image Version: 10.0 4918.46d4: SizeOfImage: 0xb2000 (729088) 4918.46d4: Resource Dir: 0xb0000 LB 0x520 4918.46d4: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4918.46d4: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 4918.46d4: ProductName: Microsoft® Windows® Operating System 4918.46d4: ProductVersion: 10.0.17134.1 4918.46d4: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 4918.46d4: FileDescription: Windows NT BASE API Client DLL 4918.46d4: \SystemRoot\System32\KernelBase.dll: 4918.46d4: CreationTime: 2018-11-27T20:43:23.300474400Z 4918.46d4: LastWriteTime: 2018-11-09T02:47:52.285920600Z 4918.46d4: ChangeTime: 2018-12-20T17:28:16.089057400Z 4918.46d4: FileAttributes: 0x20 4918.46d4: Size: 0x273b78 4918.46d4: NT Headers: 0xf0 4918.46d4: Timestamp: 0x428de48c 4918.46d4: Machine: 0x8664 - amd64 4918.46d4: Timestamp: 0x428de48c 4918.46d4: Image Version: 10.0 4918.46d4: SizeOfImage: 0x273000 (2568192) 4918.46d4: Resource Dir: 0x251000 LB 0x548 4918.46d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 4918.46d4: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 4918.46d4: ProductName: Microsoft® Windows® Operating System 4918.46d4: ProductVersion: 10.0.17134.441 4918.46d4: FileVersion: 10.0.17134.441 (WinBuild.160101.0800) 4918.46d4: FileDescription: Windows NT BASE API Client DLL 4918.46d4: \SystemRoot\System32\apisetschema.dll: 4918.46d4: CreationTime: 2018-04-11T23:34:44.042150700Z 4918.46d4: LastWriteTime: 2018-04-11T23:34:44.042150700Z 4918.46d4: ChangeTime: 2018-08-02T11:35:09.677325500Z 4918.46d4: FileAttributes: 0x20 4918.46d4: Size: 0x1bd98 4918.46d4: NT Headers: 0xd0 4918.46d4: Timestamp: 0xd02ff418 4918.46d4: Machine: 0x8664 - amd64 4918.46d4: Timestamp: 0xd02ff418 4918.46d4: Image Version: 10.0 4918.46d4: SizeOfImage: 0x1c000 (114688) 4918.46d4: Resource Dir: 0x1b000 LB 0x408 4918.46d4: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4918.46d4: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 4918.46d4: ProductName: Microsoft® Windows® Operating System 4918.46d4: ProductVersion: 10.0.17134.1 4918.46d4: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 4918.46d4: FileDescription: ApiSet Schema DLL 4918.46d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 4918.46d4: supR3HardenedWinFindAdversaries: 0x20 4918.46d4: \SystemRoot\System32\drivers\cfwids.sys: 4918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z 4918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z 4918.46d4: ChangeTime: 2018-12-26T04:19:44.333339400Z 4918.46d4: FileAttributes: 0x20 4918.46d4: Size: 0x12d40 4918.46d4: NT Headers: 0xf0 4918.46d4: Timestamp: 0x5b7cebbe 4918.46d4: Machine: 0x8664 - amd64 4918.46d4: Timestamp: 0x5b7cebbe 4918.46d4: Image Version: 0.0 4918.46d4: SizeOfImage: 0x14000 (81920) 4918.46d4: Resource Dir: 0x12000 LB 0x550 4918.46d4: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)] 4918.46d4: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)] 4918.46d4: ProductName: SYSCORE 4918.46d4: ProductVersion: 18.9.0.174 4918.46d4: FileVersion: SYSCORE.18.9.0.174 4918.46d4: PrivateBuild: SYSCORE.18.9.0.174 4918.46d4: FileDescription: McAfee Personal Firewall IDS Plugin 4918.46d4: \SystemRoot\System32\drivers\mfeavfk.sys: 4918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z 4918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z 4918.46d4: ChangeTime: 2018-12-26T04:19:44.054118000Z 4918.46d4: FileAttributes: 0x20 4918.46d4: Size: 0x5ab40 4918.46d4: NT Headers: 0xe8 4918.46d4: Timestamp: 0x5b7ceb01 4918.46d4: Machine: 0x8664 - amd64 4918.46d4: Timestamp: 0x5b7ceb01 4918.46d4: Image Version: 0.0 4918.46d4: SizeOfImage: 0x5b000 (372736) 4918.46d4: Resource Dir: 0x59000 LB 0x758 4918.46d4: [Version info resource found at 0xd8! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4918.46d4: [Raw version resource data: 0x59110 LB 0x334, codepage 0x0 (reserved 0x0)] 4918.46d4: ProductName: SYSCORE 4918.46d4: ProductVersion: 18.9.0.174 4918.46d4: FileVersion: SYSCORE.18.9.0.174 4918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F15,F16,F19 4918.46d4: FileDescription: Anti-Virus File System Filter Driver 4918.46d4: \SystemRoot\System32\drivers\mfefirek.sys: 4918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z 4918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z 4918.46d4: ChangeTime: 2018-12-26T04:19:43.925830500Z 4918.46d4: FileAttributes: 0x20 4918.46d4: Size: 0x7dd40 4918.46d4: NT Headers: 0xf0 4918.46d4: Timestamp: 0x5b7ceb8a 4918.46d4: Machine: 0x8664 - amd64 4918.46d4: Timestamp: 0x5b7ceb8a 4918.46d4: Image Version: 0.0 4918.46d4: SizeOfImage: 0x7f000 (520192) 4918.46d4: Resource Dir: 0x7b000 LB 0x388 4918.46d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 4918.46d4: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)] 4918.46d4: ProductName: SYSCORE 4918.46d4: ProductVersion: 18.9.0.174 4918.46d4: FileVersion: SYSCORE.18.9.0.174 4918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F17,F18 4918.46d4: FileDescription: McAfee Core Firewall Engine Driver 4918.46d4: \SystemRoot\System32\drivers\mfehidk.sys: 4918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z 4918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z 4918.46d4: ChangeTime: 2018-12-26T04:19:39.056247500Z 4918.46d4: FileAttributes: 0x20 4918.46d4: Size: 0xee140 4918.46d4: NT Headers: 0x108 4918.46d4: Timestamp: 0x5b7cea9c 4918.46d4: Machine: 0x8664 - amd64 4918.46d4: Timestamp: 0x5b7cea9c 4918.46d4: Image Version: 0.0 4918.46d4: SizeOfImage: 0xf7000 (1011712) 4918.46d4: Resource Dir: 0xf3000 LB 0x758 4918.46d4: [Version info resource found at 0xd8! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4918.46d4: [Raw version resource data: 0xf3110 LB 0x320, codepage 0x0 (reserved 0x0)] 4918.46d4: ProductName: SYSCORE 4918.46d4: ProductVersion: 18.9.0.174 4918.46d4: FileVersion: SYSCORE.18.9.0.174 4918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F14,F15,F16,F18,F20 4918.46d4: FileDescription: McAfee Link Driver 4918.46d4: \SystemRoot\System32\drivers\mfencbdc.sys: 4918.46d4: CreationTime: 2017-11-21T07:48:58.000000000Z 4918.46d4: LastWriteTime: 2018-10-02T17:09:34.000000000Z 4918.46d4: ChangeTime: 2018-12-26T04:20:13.928345700Z 4918.46d4: FileAttributes: 0x20 4918.46d4: Size: 0x88f30 4918.46d4: NT Headers: 0xe0 4918.46d4: Timestamp: 0x5b843d50 4918.46d4: Machine: 0x8664 - amd64 4918.46d4: Timestamp: 0x5b843d50 4918.46d4: Image Version: 0.0 4918.46d4: SizeOfImage: 0x8c000 (573440) 4918.46d4: Resource Dir: 0x8a000 LB 0x3e0 4918.46d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 4918.46d4: [Raw version resource data: 0x8a060 LB 0x380, codepage 0x0 (reserved 0x0)] 4918.46d4: ProductName: Anti-Malware Core 4918.46d4: ProductVersion: 18.9.0 4918.46d4: FileVersion: Anti-Malware Core.18.9.0.284.x64 4918.46d4: PrivateBuild: Anti-Malware Core.18.9.0.284.x64 4918.46d4: FileDescription: Event Driver 4918.46d4: \SystemRoot\System32\drivers\mfewfpk.sys: 4918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z 4918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z 4918.46d4: ChangeTime: 2018-12-26T04:18:31.226499400Z 4918.46d4: FileAttributes: 0x20 4918.46d4: Size: 0x3df40 4918.46d4: NT Headers: 0xf0 4918.46d4: Timestamp: 0x5b7ceab5 4918.46d4: Machine: 0x8664 - amd64 4918.46d4: Timestamp: 0x5b7ceab5 4918.46d4: Image Version: 0.0 4918.46d4: SizeOfImage: 0x59000 (364544) 4918.46d4: Resource Dir: 0x57000 LB 0x380 4918.46d4: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4918.46d4: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)] 4918.46d4: ProductName: SYSCORE 4918.46d4: ProductVersion: 18.9.0.174 4918.46d4: FileVersion: SYSCORE.18.9.0.174 4918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F17,F18 4918.46d4: FileDescription: Anti-Virus Mini-Firewall Driver 4918.46d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 4918.46d4: Calling main() 4918.46d4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 4918.46d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 4918.46d4: SUPR3HardenedMain: Respawn #1 4918.46d4: System32: \Device\HarddiskVolume3\Windows\System32 4918.46d4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 4918.46d4: KnownDllPath: C:\Windows\System32 4918.46d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 4918.46d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 4918.46d4: supR3HardNtEnableThreadCreation: 4918.46d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0 4918.46d4: supR3HardenedWinDoReSpawn(1): New child 45d8.2e30 [kernel32]. 4918.46d4: supR3HardNtChildGatherData: PebBaseAddress=00000000002a4000 cbPeb=0x388 4918.46d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb23e90000 uNtDllChildAddr=00007ffb23e90000 4918.46d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb23f04f90 4918.46d4: supR3HardenedWinSetupChildInit: Start child. 4918.46d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
4918.46d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 59 sleeps 4918.46d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 4918.46d4: *0000000000000000-00000000000affff 0x0001/0x0000 0x0000000 4918.46d4: *00000000000b0000-00000000000cffff 0x0004/0x0004 0x0020000 4918.46d4: *00000000000d0000-00000000000e8fff 0x0002/0x0002 0x0040000 4918.46d4: 00000000000e9000-00000000000effff 0x0001/0x0000 0x0000000 4918.46d4: *00000000000f0000-00000000001eafff 0x0000/0x0004 0x0020000 4918.46d4: 00000000001eb000-00000000001edfff 0x0104/0x0004 0x0020000 4918.46d4: 00000000001ee000-00000000001effff 0x0004/0x0004 0x0020000 4918.46d4: *00000000001f0000-00000000001f3fff 0x0002/0x0002 0x0040000 4918.46d4: 00000000001f4000-00000000001fffff 0x0001/0x0000 0x0000000 4918.46d4: *0000000000200000-00000000002a3fff 0x0000/0x0004 0x0020000 4918.46d4: 00000000002a4000-00000000002a6fff 0x0004/0x0004 0x0020000 4918.46d4: 00000000002a7000-00000000003fffff 0x0000/0x0004 0x0020000 4918.46d4: *0000000000400000-0000000000400fff 0x0004/0x0004 0x0020000 4918.46d4: 0000000000401000-000000007ffdffff 0x0001/0x0000 0x0000000 4918.46d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 4918.46d4: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000 4918.46d4: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000 4918.46d4: 000000007ffe6000-00007ff5abb2ffff 0x0001/0x0000 0x0000000 4918.46d4: *00007ff5abb30000-00007ff5abb52fff 0x0002/0x0002 0x0040000 4918.46d4: 00007ff5abb53000-00007ff69b42ffff 0x0001/0x0000 0x0000000 4918.46d4: *00007ff69b430000-00007ff69b430fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4918.46d4: 00007ff69b431000-00007ff69b4a3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4918.46d4: 00007ff69b4a4000-00007ff69b4a4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4918.46d4: 
00007ff69b4a5000-00007ff69b4ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4918.46d4: 00007ff69b4ec000-00007ff69b4ecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4918.46d4: 00007ff69b4ed000-00007ff69b4edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4918.46d4: 00007ff69b4ee000-00007ff69b4f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4918.46d4: 00007ff69b4f3000-00007ff69b4f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4918.46d4: 00007ff69b4f4000-00007ff69b4f4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4918.46d4: 00007ff69b4f5000-00007ff69b4f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4918.46d4: 00007ff69b4f9000-00007ff69b541fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4918.46d4: 00007ff69b542000-00007ffb23e8ffff 0x0001/0x0000 0x0000000 4918.46d4: *00007ffb23e90000-00007ffb23e90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4918.46d4: 00007ffb23e91000-00007ffb23f9ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4918.46d4: 00007ffb23fa0000-00007ffb23fe5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4918.46d4: 00007ffb23fe6000-00007ffb23ff0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4918.46d4: 00007ffb23ff1000-00007ffb23ffefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4918.46d4: 00007ffb23fff000-00007ffb23ffffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4918.46d4: 00007ffb24000000-00007ffb24002fff 0x0008/0x0080 0x1000000 
\Device\HarddiskVolume3\Windows\System32\ntdll.dll 4918.46d4: 00007ffb24003000-00007ffb24070fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4918.46d4: 00007ffb24071000-00007ffffffeffff 0x0001/0x0000 0x0000000 4918.46d4: VirtualBoxVM.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS) 4918.46d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 4918.46d4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 4918.46d4: supR3HardNtChildPurify: Done after 551 ms and 0 fixes (loop #0). 45d8.2e30: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00 45d8.2e30: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb23e90000 g_uNtVerCombined=0xa042ee00 45d8.2e30: ntdll.dll: timestamp 0x7e614c22 (rc=VINF_SUCCESS) 4918.46d4: supR3HardNtEnableThreadCreation: 45d8.2e30: New simple heap: #1 0000000000510000 LB 0x400000 (for 1970176 allocation) 45d8.2e30: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 45d8.2e30: System32: \Device\HarddiskVolume3\Windows\System32 45d8.2e30: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 45d8.2e30: KnownDllPath: C:\Windows\System32 45d8.2e30: supR3HardenedVmProcessInit: Opening vboxdrv stub... 45d8.2e30: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 45d8.2e30: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 45d8.2e30: Registered Dll notification callback with NTDLL. 
45d8.2e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 45d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 45d8.2e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 45d8.2e30: supR3HardenedDllNotificationCallback: load 00007ffb20570000 LB 0x00273000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 45d8.2e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 45d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 45d8.2e30: supR3HardenedDllNotificationCallback: load 00007ffb23da0000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 45d8.2e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 45d8.2e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\KERNEL32.DLL' 45d8.2e30: supR3HardenedDllNotificationCallback: load 00007ff69b430000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 45d8.2e30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 45d8.2e30: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 45d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0 4918.46d4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 77 ms. 
45d8.2e30: \SystemRoot\System32\ntdll.dll: 45d8.2e30: CreationTime: 2018-12-12T16:22:11.967963000Z 45d8.2e30: LastWriteTime: 2018-12-08T08:04:53.786979100Z 45d8.2e30: ChangeTime: 2018-12-20T17:28:16.091009200Z 45d8.2e30: FileAttributes: 0x20 45d8.2e30: Size: 0x1da720 45d8.2e30: NT Headers: 0xe8 45d8.2e30: Timestamp: 0x7e614c22 45d8.2e30: Machine: 0x8664 - amd64 45d8.2e30: Timestamp: 0x7e614c22 45d8.2e30: Image Version: 10.0 45d8.2e30: SizeOfImage: 0x1e1000 (1970176) 45d8.2e30: Resource Dir: 0x174000 LB 0x6b3e8 45d8.2e30: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 45d8.2e30: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 45d8.2e30: ProductName: Microsoft® Windows® Operating System 45d8.2e30: ProductVersion: 10.0.17134.471 45d8.2e30: FileVersion: 10.0.17134.471 (WinBuild.160101.0800) 45d8.2e30: FileDescription: NT Layer DLL 45d8.2e30: \SystemRoot\System32\kernel32.dll: 45d8.2e30: CreationTime: 2018-04-11T23:34:40.510607900Z 45d8.2e30: LastWriteTime: 2018-04-11T23:34:40.510607900Z 45d8.2e30: ChangeTime: 2018-08-02T10:52:14.292003200Z 45d8.2e30: FileAttributes: 0x20 45d8.2e30: Size: 0xafef8 45d8.2e30: NT Headers: 0xe8 45d8.2e30: Timestamp: 0x5f488a51 45d8.2e30: Machine: 0x8664 - amd64 45d8.2e30: Timestamp: 0x5f488a51 45d8.2e30: Image Version: 10.0 45d8.2e30: SizeOfImage: 0xb2000 (729088) 45d8.2e30: Resource Dir: 0xb0000 LB 0x520 45d8.2e30: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 45d8.2e30: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 45d8.2e30: ProductName: Microsoft® Windows® Operating System 45d8.2e30: ProductVersion: 10.0.17134.1 45d8.2e30: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 45d8.2e30: FileDescription: Windows NT BASE API Client DLL 45d8.2e30: \SystemRoot\System32\KernelBase.dll: 45d8.2e30: CreationTime: 2018-11-27T20:43:23.300474400Z 45d8.2e30: LastWriteTime: 2018-11-09T02:47:52.285920600Z 45d8.2e30: ChangeTime: 2018-12-20T17:28:16.089057400Z 45d8.2e30: FileAttributes: 0x20 45d8.2e30: Size: 0x273b78 45d8.2e30: NT Headers: 0xf0 45d8.2e30: Timestamp: 0x428de48c 45d8.2e30: Machine: 0x8664 - amd64 45d8.2e30: Timestamp: 0x428de48c 45d8.2e30: Image Version: 10.0 45d8.2e30: SizeOfImage: 0x273000 (2568192) 45d8.2e30: Resource Dir: 0x251000 LB 0x548 45d8.2e30: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 45d8.2e30: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 45d8.2e30: ProductName: Microsoft® Windows® Operating System 45d8.2e30: ProductVersion: 10.0.17134.441 45d8.2e30: FileVersion: 10.0.17134.441 (WinBuild.160101.0800) 45d8.2e30: FileDescription: Windows NT BASE API Client DLL 45d8.2e30: \SystemRoot\System32\apisetschema.dll: 45d8.2e30: CreationTime: 2018-04-11T23:34:44.042150700Z 45d8.2e30: LastWriteTime: 2018-04-11T23:34:44.042150700Z 45d8.2e30: ChangeTime: 2018-08-02T11:35:09.677325500Z 45d8.2e30: FileAttributes: 0x20 45d8.2e30: Size: 0x1bd98 45d8.2e30: NT Headers: 0xd0 45d8.2e30: Timestamp: 0xd02ff418 45d8.2e30: Machine: 0x8664 - amd64 45d8.2e30: Timestamp: 0xd02ff418 45d8.2e30: Image Version: 10.0 45d8.2e30: SizeOfImage: 0x1c000 (114688) 45d8.2e30: Resource Dir: 0x1b000 LB 0x408 45d8.2e30: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 45d8.2e30: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 45d8.2e30: ProductName: Microsoft® Windows® Operating System 45d8.2e30: ProductVersion: 10.0.17134.1 45d8.2e30: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 45d8.2e30: FileDescription: ApiSet Schema DLL 45d8.2e30: NtOpenDirectoryObject failed on \Driver: 0xc0000022 45d8.2e30: supR3HardenedWinFindAdversaries: 0x20 45d8.2e30: \SystemRoot\System32\drivers\cfwids.sys: 45d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z 45d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z 45d8.2e30: ChangeTime: 2018-12-26T04:19:44.333339400Z 45d8.2e30: FileAttributes: 0x20 45d8.2e30: Size: 0x12d40 45d8.2e30: NT Headers: 0xf0 45d8.2e30: Timestamp: 0x5b7cebbe 45d8.2e30: Machine: 0x8664 - amd64 45d8.2e30: Timestamp: 0x5b7cebbe 45d8.2e30: Image Version: 0.0 45d8.2e30: SizeOfImage: 0x14000 (81920) 45d8.2e30: Resource Dir: 0x12000 LB 0x550 45d8.2e30: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)] 45d8.2e30: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)] 45d8.2e30: ProductName: SYSCORE 45d8.2e30: ProductVersion: 18.9.0.174 45d8.2e30: FileVersion: SYSCORE.18.9.0.174 45d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 45d8.2e30: FileDescription: McAfee Personal Firewall IDS Plugin 45d8.2e30: \SystemRoot\System32\drivers\mfeavfk.sys: 45d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z 45d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z 45d8.2e30: ChangeTime: 2018-12-26T04:19:44.054118000Z 45d8.2e30: FileAttributes: 0x20 45d8.2e30: Size: 0x5ab40 45d8.2e30: NT Headers: 0xe8 45d8.2e30: Timestamp: 0x5b7ceb01 45d8.2e30: Machine: 0x8664 - amd64 45d8.2e30: Timestamp: 0x5b7ceb01 45d8.2e30: Image Version: 0.0 45d8.2e30: SizeOfImage: 0x5b000 (372736) 45d8.2e30: Resource Dir: 0x59000 LB 0x758 45d8.2e30: [Version info resource found at 0xd8! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 45d8.2e30: [Raw version resource data: 0x59110 LB 0x334, codepage 0x0 (reserved 0x0)] 45d8.2e30: ProductName: SYSCORE 45d8.2e30: ProductVersion: 18.9.0.174 45d8.2e30: FileVersion: SYSCORE.18.9.0.174 45d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F15,F16,F19 45d8.2e30: FileDescription: Anti-Virus File System Filter Driver 45d8.2e30: \SystemRoot\System32\drivers\mfefirek.sys: 45d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z 45d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z 45d8.2e30: ChangeTime: 2018-12-26T04:19:43.925830500Z 45d8.2e30: FileAttributes: 0x20 45d8.2e30: Size: 0x7dd40 45d8.2e30: NT Headers: 0xf0 45d8.2e30: Timestamp: 0x5b7ceb8a 45d8.2e30: Machine: 0x8664 - amd64 45d8.2e30: Timestamp: 0x5b7ceb8a 45d8.2e30: Image Version: 0.0 45d8.2e30: SizeOfImage: 0x7f000 (520192) 45d8.2e30: Resource Dir: 0x7b000 LB 0x388 45d8.2e30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 45d8.2e30: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)] 45d8.2e30: ProductName: SYSCORE 45d8.2e30: ProductVersion: 18.9.0.174 45d8.2e30: FileVersion: SYSCORE.18.9.0.174 45d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F17,F18 45d8.2e30: FileDescription: McAfee Core Firewall Engine Driver 45d8.2e30: \SystemRoot\System32\drivers\mfehidk.sys: 45d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z 45d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z 45d8.2e30: ChangeTime: 2018-12-26T04:19:39.056247500Z 45d8.2e30: FileAttributes: 0x20 45d8.2e30: Size: 0xee140 45d8.2e30: NT Headers: 0x108 45d8.2e30: Timestamp: 0x5b7cea9c 45d8.2e30: Machine: 0x8664 - amd64 45d8.2e30: Timestamp: 0x5b7cea9c 45d8.2e30: Image Version: 0.0 45d8.2e30: SizeOfImage: 0xf7000 (1011712) 45d8.2e30: Resource Dir: 0xf3000 LB 0x758 45d8.2e30: [Version info resource found at 0xd8! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 45d8.2e30: [Raw version resource data: 0xf3110 LB 0x320, codepage 0x0 (reserved 0x0)] 45d8.2e30: ProductName: SYSCORE 45d8.2e30: ProductVersion: 18.9.0.174 45d8.2e30: FileVersion: SYSCORE.18.9.0.174 45d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F14,F15,F16,F18,F20 45d8.2e30: FileDescription: McAfee Link Driver 45d8.2e30: \SystemRoot\System32\drivers\mfencbdc.sys: 45d8.2e30: CreationTime: 2017-11-21T07:48:58.000000000Z 45d8.2e30: LastWriteTime: 2018-10-02T17:09:34.000000000Z 45d8.2e30: ChangeTime: 2018-12-26T04:20:13.928345700Z 45d8.2e30: FileAttributes: 0x20 45d8.2e30: Size: 0x88f30 45d8.2e30: NT Headers: 0xe0 45d8.2e30: Timestamp: 0x5b843d50 45d8.2e30: Machine: 0x8664 - amd64 45d8.2e30: Timestamp: 0x5b843d50 45d8.2e30: Image Version: 0.0 45d8.2e30: SizeOfImage: 0x8c000 (573440) 45d8.2e30: Resource Dir: 0x8a000 LB 0x3e0 45d8.2e30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 45d8.2e30: [Raw version resource data: 0x8a060 LB 0x380, codepage 0x0 (reserved 0x0)] 45d8.2e30: ProductName: Anti-Malware Core 45d8.2e30: ProductVersion: 18.9.0 45d8.2e30: FileVersion: Anti-Malware Core.18.9.0.284.x64 45d8.2e30: PrivateBuild: Anti-Malware Core.18.9.0.284.x64 45d8.2e30: FileDescription: Event Driver 45d8.2e30: \SystemRoot\System32\drivers\mfewfpk.sys: 45d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z 45d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z 45d8.2e30: ChangeTime: 2018-12-26T04:18:31.226499400Z 45d8.2e30: FileAttributes: 0x20 45d8.2e30: Size: 0x3df40 45d8.2e30: NT Headers: 0xf0 45d8.2e30: Timestamp: 0x5b7ceab5 45d8.2e30: Machine: 0x8664 - amd64 45d8.2e30: Timestamp: 0x5b7ceab5 45d8.2e30: Image Version: 0.0 45d8.2e30: SizeOfImage: 0x59000 (364544) 45d8.2e30: Resource Dir: 0x57000 LB 0x380 45d8.2e30: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 45d8.2e30: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)] 45d8.2e30: ProductName: SYSCORE 45d8.2e30: ProductVersion: 18.9.0.174 45d8.2e30: FileVersion: SYSCORE.18.9.0.174 45d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F17,F18 45d8.2e30: FileDescription: Anti-Virus Mini-Firewall Driver 45d8.2e30: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 45d8.2e30: Calling main() 45d8.2e30: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 45d8.2e30: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 45d8.2e30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 45d8.2e30: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 45d8.2e30: SUPR3HardenedMain: Respawn #2 45d8.2e30: supR3HardNtEnableThreadCreation: 45d8.2e30: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 45d8.2e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) 45d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll 45d8.2e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 45d8.2e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll' 45d8.2e30: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0 45d8.2e30: supR3HardenedWinDoReSpawn(2): New child 4564.534 [kernel32]. 
45d8.2e30: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 45d8.2e30: supR3HardNtChildGatherData: PebBaseAddress=0000000000a46000 cbPeb=0x388 45d8.2e30: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb23e90000 uNtDllChildAddr=00007ffb23e90000 45d8.2e30: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb23f04f90 45d8.2e30: supR3HardenedWinSetupChildInit: Start child. 45d8.2e30: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 45d8.2e30: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 59 sleeps 45d8.2e30: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 45d8.2e30: *0000000000000000-00000000008affff 0x0001/0x0000 0x0000000 45d8.2e30: *00000000008b0000-00000000008cffff 0x0004/0x0004 0x0020000 45d8.2e30: *00000000008d0000-00000000008e8fff 0x0002/0x0002 0x0040000 45d8.2e30: 00000000008e9000-00000000008effff 0x0001/0x0000 0x0000000 45d8.2e30: *00000000008f0000-00000000009eafff 0x0000/0x0004 0x0020000 45d8.2e30: 00000000009eb000-00000000009edfff 0x0104/0x0004 0x0020000 45d8.2e30: 00000000009ee000-00000000009effff 0x0004/0x0004 0x0020000 45d8.2e30: *00000000009f0000-00000000009f3fff 0x0002/0x0002 0x0040000 45d8.2e30: 00000000009f4000-00000000009fffff 0x0001/0x0000 0x0000000 45d8.2e30: *0000000000a00000-0000000000a45fff 0x0000/0x0004 0x0020000 45d8.2e30: 0000000000a46000-0000000000a48fff 0x0004/0x0004 0x0020000 45d8.2e30: 0000000000a49000-0000000000bfffff 0x0000/0x0004 0x0020000 45d8.2e30: *0000000000c00000-0000000000c00fff 0x0004/0x0004 0x0020000 45d8.2e30: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000 45d8.2e30: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 45d8.2e30: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000 45d8.2e30: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000 45d8.2e30: 000000007ffe6000-00007ff5f14fffff 0x0001/0x0000 0x0000000 45d8.2e30: *00007ff5f1500000-00007ff5f1522fff 0x0002/0x0002 0x0040000 
45d8.2e30: 00007ff5f1523000-00007ff69b42ffff 0x0001/0x0000 0x0000000 45d8.2e30: *00007ff69b430000-00007ff69b430fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: 00007ff69b431000-00007ff69b4a3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: 00007ff69b4a4000-00007ff69b4a4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: 00007ff69b4a5000-00007ff69b4ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: 00007ff69b4ec000-00007ff69b4ecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: 00007ff69b4ed000-00007ff69b4edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: 00007ff69b4ee000-00007ff69b4f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: 00007ff69b4f3000-00007ff69b4f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: 00007ff69b4f4000-00007ff69b4f4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: 00007ff69b4f5000-00007ff69b4f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: 00007ff69b4f9000-00007ff69b541fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 45d8.2e30: 00007ff69b542000-00007ffb23e8ffff 0x0001/0x0000 0x0000000 45d8.2e30: *00007ffb23e90000-00007ffb23e90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 45d8.2e30: 00007ffb23e91000-00007ffb23f9ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 45d8.2e30: 00007ffb23fa0000-00007ffb23fe5fff 
0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 45d8.2e30: 00007ffb23fe6000-00007ffb23ff0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 45d8.2e30: 00007ffb23ff1000-00007ffb23ffefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 45d8.2e30: 00007ffb23fff000-00007ffb23ffffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 45d8.2e30: 00007ffb24000000-00007ffb24002fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 45d8.2e30: 00007ffb24003000-00007ffb24070fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 45d8.2e30: 00007ffb24071000-00007ffffffeffff 0x0001/0x0000 0x0000000 45d8.2e30: VirtualBoxVM.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS) 45d8.2e30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 45d8.2e30: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 45d8.2e30: supR3HardNtChildPurify: Done after 576 ms and 0 fixes (loop #0). 4564.534: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00 4564.534: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb23e90000 g_uNtVerCombined=0xa042ee00 45d8.2e30: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000510000 LB 0x400000) 45d8.2e30: supR3HardNtEnableThreadCreation: 4564.534: ntdll.dll: timestamp 0x7e614c22 (rc=VINF_SUCCESS) 4564.534: New simple heap: #1 0000000000d10000 LB 0x400000 (for 1970176 allocation) 4564.534: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 4564.534: System32: \Device\HarddiskVolume3\Windows\System32 4564.534: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 4564.534: KnownDllPath: C:\Windows\System32 4564.534: supR3HardenedVmProcessInit: Opening vboxdrv... 4564.534: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 4564.534: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 
4564.534: Registered Dll notification callback with NTDLL. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20570000 LB 0x00273000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23da0000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\KERNEL32.DLL' 4564.534: supR3HardenedDllNotificationCallback: load 00007ff69b430000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 4564.534: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4564.534: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0 45d8.2e30: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 98 ms. 
4564.534: \SystemRoot\System32\ntdll.dll: 4564.534: CreationTime: 2018-12-12T16:22:11.967963000Z 4564.534: LastWriteTime: 2018-12-08T08:04:53.786979100Z 4564.534: ChangeTime: 2018-12-20T17:28:16.091009200Z 4564.534: FileAttributes: 0x20 4564.534: Size: 0x1da720 4564.534: NT Headers: 0xe8 4564.534: Timestamp: 0x7e614c22 4564.534: Machine: 0x8664 - amd64 4564.534: Timestamp: 0x7e614c22 4564.534: Image Version: 10.0 4564.534: SizeOfImage: 0x1e1000 (1970176) 4564.534: Resource Dir: 0x174000 LB 0x6b3e8 4564.534: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 4564.534: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 4564.534: ProductName: Microsoft® Windows® Operating System 4564.534: ProductVersion: 10.0.17134.471 4564.534: FileVersion: 10.0.17134.471 (WinBuild.160101.0800) 4564.534: FileDescription: NT Layer DLL 4564.534: \SystemRoot\System32\kernel32.dll: 4564.534: CreationTime: 2018-04-11T23:34:40.510607900Z 4564.534: LastWriteTime: 2018-04-11T23:34:40.510607900Z 4564.534: ChangeTime: 2018-08-02T10:52:14.292003200Z 4564.534: FileAttributes: 0x20 4564.534: Size: 0xafef8 4564.534: NT Headers: 0xe8 4564.534: Timestamp: 0x5f488a51 4564.534: Machine: 0x8664 - amd64 4564.534: Timestamp: 0x5f488a51 4564.534: Image Version: 10.0 4564.534: SizeOfImage: 0xb2000 (729088) 4564.534: Resource Dir: 0xb0000 LB 0x520 4564.534: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4564.534: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 4564.534: ProductName: Microsoft® Windows® Operating System 4564.534: ProductVersion: 10.0.17134.1 4564.534: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 4564.534: FileDescription: Windows NT BASE API Client DLL 4564.534: \SystemRoot\System32\KernelBase.dll: 4564.534: CreationTime: 2018-11-27T20:43:23.300474400Z 4564.534: LastWriteTime: 2018-11-09T02:47:52.285920600Z 4564.534: ChangeTime: 2018-12-20T17:28:16.089057400Z 4564.534: FileAttributes: 0x20 4564.534: Size: 0x273b78 4564.534: NT Headers: 0xf0 4564.534: Timestamp: 0x428de48c 4564.534: Machine: 0x8664 - amd64 4564.534: Timestamp: 0x428de48c 4564.534: Image Version: 10.0 4564.534: SizeOfImage: 0x273000 (2568192) 4564.534: Resource Dir: 0x251000 LB 0x548 4564.534: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 4564.534: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 4564.534: ProductName: Microsoft® Windows® Operating System 4564.534: ProductVersion: 10.0.17134.441 4564.534: FileVersion: 10.0.17134.441 (WinBuild.160101.0800) 4564.534: FileDescription: Windows NT BASE API Client DLL 4564.534: \SystemRoot\System32\apisetschema.dll: 4564.534: CreationTime: 2018-04-11T23:34:44.042150700Z 4564.534: LastWriteTime: 2018-04-11T23:34:44.042150700Z 4564.534: ChangeTime: 2018-08-02T11:35:09.677325500Z 4564.534: FileAttributes: 0x20 4564.534: Size: 0x1bd98 4564.534: NT Headers: 0xd0 4564.534: Timestamp: 0xd02ff418 4564.534: Machine: 0x8664 - amd64 4564.534: Timestamp: 0xd02ff418 4564.534: Image Version: 10.0 4564.534: SizeOfImage: 0x1c000 (114688) 4564.534: Resource Dir: 0x1b000 LB 0x408 4564.534: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4564.534: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 4564.534: ProductName: Microsoft® Windows® Operating System 4564.534: ProductVersion: 10.0.17134.1 4564.534: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 4564.534: FileDescription: ApiSet Schema DLL 4564.534: NtOpenDirectoryObject failed on \Driver: 0xc0000022 4564.534: supR3HardenedWinFindAdversaries: 0x20 4564.534: \SystemRoot\System32\drivers\cfwids.sys: 4564.534: CreationTime: 2018-01-31T17:06:48.000000000Z 4564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z 4564.534: ChangeTime: 2018-12-26T04:19:44.333339400Z 4564.534: FileAttributes: 0x20 4564.534: Size: 0x12d40 4564.534: NT Headers: 0xf0 4564.534: Timestamp: 0x5b7cebbe 4564.534: Machine: 0x8664 - amd64 4564.534: Timestamp: 0x5b7cebbe 4564.534: Image Version: 0.0 4564.534: SizeOfImage: 0x14000 (81920) 4564.534: Resource Dir: 0x12000 LB 0x550 4564.534: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)] 4564.534: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)] 4564.534: ProductName: SYSCORE 4564.534: ProductVersion: 18.9.0.174 4564.534: FileVersion: SYSCORE.18.9.0.174 4564.534: PrivateBuild: SYSCORE.18.9.0.174 4564.534: FileDescription: McAfee Personal Firewall IDS Plugin 4564.534: \SystemRoot\System32\drivers\mfeavfk.sys: 4564.534: CreationTime: 2018-01-31T17:06:48.000000000Z 4564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z 4564.534: ChangeTime: 2018-12-26T04:19:44.054118000Z 4564.534: FileAttributes: 0x20 4564.534: Size: 0x5ab40 4564.534: NT Headers: 0xe8 4564.534: Timestamp: 0x5b7ceb01 4564.534: Machine: 0x8664 - amd64 4564.534: Timestamp: 0x5b7ceb01 4564.534: Image Version: 0.0 4564.534: SizeOfImage: 0x5b000 (372736) 4564.534: Resource Dir: 0x59000 LB 0x758 4564.534: [Version info resource found at 0xd8! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4564.534: [Raw version resource data: 0x59110 LB 0x334, codepage 0x0 (reserved 0x0)] 4564.534: ProductName: SYSCORE 4564.534: ProductVersion: 18.9.0.174 4564.534: FileVersion: SYSCORE.18.9.0.174 4564.534: PrivateBuild: SYSCORE.18.9.0.174 F15,F16,F19 4564.534: FileDescription: Anti-Virus File System Filter Driver 4564.534: \SystemRoot\System32\drivers\mfefirek.sys: 4564.534: CreationTime: 2018-01-31T17:06:48.000000000Z 4564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z 4564.534: ChangeTime: 2018-12-26T04:19:43.925830500Z 4564.534: FileAttributes: 0x20 4564.534: Size: 0x7dd40 4564.534: NT Headers: 0xf0 4564.534: Timestamp: 0x5b7ceb8a 4564.534: Machine: 0x8664 - amd64 4564.534: Timestamp: 0x5b7ceb8a 4564.534: Image Version: 0.0 4564.534: SizeOfImage: 0x7f000 (520192) 4564.534: Resource Dir: 0x7b000 LB 0x388 4564.534: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 4564.534: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)] 4564.534: ProductName: SYSCORE 4564.534: ProductVersion: 18.9.0.174 4564.534: FileVersion: SYSCORE.18.9.0.174 4564.534: PrivateBuild: SYSCORE.18.9.0.174 F17,F18 4564.534: FileDescription: McAfee Core Firewall Engine Driver 4564.534: \SystemRoot\System32\drivers\mfehidk.sys: 4564.534: CreationTime: 2018-01-31T17:06:48.000000000Z 4564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z 4564.534: ChangeTime: 2018-12-26T04:19:39.056247500Z 4564.534: FileAttributes: 0x20 4564.534: Size: 0xee140 4564.534: NT Headers: 0x108 4564.534: Timestamp: 0x5b7cea9c 4564.534: Machine: 0x8664 - amd64 4564.534: Timestamp: 0x5b7cea9c 4564.534: Image Version: 0.0 4564.534: SizeOfImage: 0xf7000 (1011712) 4564.534: Resource Dir: 0xf3000 LB 0x758 4564.534: [Version info resource found at 0xd8! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4564.534: [Raw version resource data: 0xf3110 LB 0x320, codepage 0x0 (reserved 0x0)] 4564.534: ProductName: SYSCORE 4564.534: ProductVersion: 18.9.0.174 4564.534: FileVersion: SYSCORE.18.9.0.174 4564.534: PrivateBuild: SYSCORE.18.9.0.174 F14,F15,F16,F18,F20 4564.534: FileDescription: McAfee Link Driver 4564.534: \SystemRoot\System32\drivers\mfencbdc.sys: 4564.534: CreationTime: 2017-11-21T07:48:58.000000000Z 4564.534: LastWriteTime: 2018-10-02T17:09:34.000000000Z 4564.534: ChangeTime: 2018-12-26T04:20:13.928345700Z 4564.534: FileAttributes: 0x20 4564.534: Size: 0x88f30 4564.534: NT Headers: 0xe0 4564.534: Timestamp: 0x5b843d50 4564.534: Machine: 0x8664 - amd64 4564.534: Timestamp: 0x5b843d50 4564.534: Image Version: 0.0 4564.534: SizeOfImage: 0x8c000 (573440) 4564.534: Resource Dir: 0x8a000 LB 0x3e0 4564.534: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 4564.534: [Raw version resource data: 0x8a060 LB 0x380, codepage 0x0 (reserved 0x0)] 4564.534: ProductName: Anti-Malware Core 4564.534: ProductVersion: 18.9.0 4564.534: FileVersion: Anti-Malware Core.18.9.0.284.x64 4564.534: PrivateBuild: Anti-Malware Core.18.9.0.284.x64 4564.534: FileDescription: Event Driver 4564.534: \SystemRoot\System32\drivers\mfewfpk.sys: 4564.534: CreationTime: 2018-01-31T17:06:48.000000000Z 4564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z 4564.534: ChangeTime: 2018-12-26T04:18:31.226499400Z 4564.534: FileAttributes: 0x20 4564.534: Size: 0x3df40 4564.534: NT Headers: 0xf0 4564.534: Timestamp: 0x5b7ceab5 4564.534: Machine: 0x8664 - amd64 4564.534: Timestamp: 0x5b7ceab5 4564.534: Image Version: 0.0 4564.534: SizeOfImage: 0x59000 (364544) 4564.534: Resource Dir: 0x57000 LB 0x380 4564.534: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4564.534: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)] 4564.534: ProductName: SYSCORE 4564.534: ProductVersion: 18.9.0.174 4564.534: FileVersion: SYSCORE.18.9.0.174 4564.534: PrivateBuild: SYSCORE.18.9.0.174 F17,F18 4564.534: FileDescription: Anti-Virus Mini-Firewall Driver 4564.534: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 4564.534: Calling main() 4564.534: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 4564.534: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 4564.534: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 4564.534: SUPR3HardenedMain: Final process, opening VBoxDrv... 4564.534: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d10000 LB 0x400000) 4564.534: supR3HardNtEnableThreadCreation: 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb18610000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 
4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18610000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18610000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18610000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23890000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb201a0000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb21220000 LB 0x000fa000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0] 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20310000 LB 0x001e2000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23090000 LB 0x00124000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23430000 LB 0x0005b000 
C:\Windows\System32\sechost.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23960000 LB 0x000a1000 C:\Windows\System32\advapi32.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb21020000 LB 0x00057000 C:\Windows\System32\Wintrust.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-synch-l1-2-0' 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-fibers-l1-1-1' 4564.534: supR3HardenedIsApiSetDll: 
ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-fibers-l1-1-1' 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-synch-l1-2-0' 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-l1-2-1' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21020000 'C:\Windows\system32\Wintrust.dll' 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1fd00000 LB 0x00025000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1fd00000 'C:\Windows\system32\bcrypt.dll' 4564.534: bcrypt.dll loaded at 00007ffb1fd00000, BCryptOpenAlgorithmProvider at 00007ffb1fd02770, preloading providers: 4564.534: supHardenedWinVerifyImageByHandle: -> 0 
(\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20fa0000 LB 0x0007a000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20fa0000 'C:\Windows\system32\bcryptprimitives.dll' 4564.534: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001125120) 4564.534: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000112c620) 4564.534: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000112f9a0) 4564.534: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000112fc70) 4564.534: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000112ff40) 4564.534: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001130210) 4564.534: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000011304e0) 4564.534: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000011307b0) 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1fbd0000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1f5d0000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1fbf0000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\kernel32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21020000 'C:\Windows\System32\WINTRUST.DLL' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 4564.534: 
supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\CRYPT32.dll' 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23930000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0] 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1eea0000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20220000 LB 0x0001f000 C:\Windows\System32\profapi.dll [fFlags=0x0] 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb0e570000 LB 0x0002e000 C:\Windows\System32\cryptnet.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) 
*pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D718C6590C8EC69621641D918F7E93AE14B7CE0C 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23090000 'C:\Windows\System32\rpcrt4.dll' 4564.534: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1759_for_KB4483234~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\SystemRoot\System32\ntdll.dll' 4564.534: g_pfnWinVerifyTrust=00007ffb21029940 4564.534: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, 
rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2EB3B5899525BF398A932A3B6257F3B13169332E 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 
[lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll' 4564.534: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for 
'\Device\HarddiskVolume3\Windows\System32\sechost.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 
24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\system32\crypt32.dll' 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, 
CN=Microsoft Authenticode(tm) Root Authority 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 
0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. 
z o.o., CN=Certum CA 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 4564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 4564.534: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42 4564.534: SUPR3HardenedMain: Load Runtime... 
4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 4564.534: supR3HardenedDllNotificationCallback: load 0000000074eb0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00000000748a0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23330000 LB 0x0006c000 C:\Windows\System32\WS2_32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on 
\Device\HarddiskVolume3\Windows\System32\ws2_32.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffae4b10000 LB 0x0052a000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 4564.534: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program 
Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program 
Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 
'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21020000 'C:\Windows\system32\Wintrust.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns 
rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\system32\crypt32.dll' 4564.534: SUPR3HardenedMain: Load TrustedMain... 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'. 
4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 4564.534: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 
4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 
4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll' 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll' 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 
4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust] 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19A1CD90C2208B3BD0567A538CC10CADA852F417 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on 
\Device\HarddiskVolume3\Windows\System32\opengl32.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20500000 LB 0x00020000 C:\Windows\System32\win32u.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb207f0000 LB 0x0009f000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on 
\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb21080000 LB 0x00192000 C:\Windows\System32\gdi32full.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23060000 LB 0x00028000 C:\Windows\System32\GDI32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb215d0000 LB 0x00190000 C:\Windows\System32\USER32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb11460000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffafd380000 LB 0x00120000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20520000 LB 0x00049000 C:\Windows\System32\cfgmgr32.dll 
[fFlags=0x0] 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23560000 LB 0x00322000 C:\Windows\System32\combase.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23cf0000 LB 0x000a9000 C:\Windows\System32\shcore.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb233d0000 LB 0x00051000 C:\Windows\System32\shlwapi.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20240000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb201d0000 LB 0x0004c000 C:\Windows\System32\powrprof.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb201c0000 LB 0x0000a000 C:\Windows\System32\FLTLIB.DLL [fFlags=0x0] 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\fltLib.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\fltLib.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb20890000 LB 0x0070d000 C:\Windows\System32\windows.storage.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #54 'combase.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'profapi.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #81 'fltlib.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb21770000 LB 0x01440000 C:\Windows\System32\SHELL32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23a10000 LB 0x00151000 C:\Windows\System32\ole32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb173b0000 LB 0x0001a000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 0000000074940000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffad9900000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 4564.534: supR3HardenedDllNotificationCallback: load 00000000741a0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust] 4564.534: 
supR3HardenedDllNotificationCallback: load 00007ffb23490000 LB 0x000c2000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffad9f00000 LB 0x00592000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll 4564.534: supR3HardenedDllNotificationCallback: load 0000000075c10000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1d520000 LB 0x0002a000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1db20000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffad4ec0000 LB 0x01f0f000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. 
4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\fltLib.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 
4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 
4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume3\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [redoing WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'. 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\fltLib.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 
4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\kernel32.dll' 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-string-l1-1-0' 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-datetime-l1-1-1' 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-obsolete-l1-2-0' 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 
4564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb233a0000 LB 0x0002d000 C:\Windows\System32\IMM32.DLL [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb233a0000 'C:\Windows\system32\IMM32.DLL' 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23960000 'C:\Windows\System32\ADVAPI32.DLL' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4ec0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll' 4564.534: SUPR3HardenedMain: Calling TrustedMain (00007ffad4ec16c0)... 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 
4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaebee0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaebee0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000614 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached 
context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=15C67EA66CCB2DD0FE18A5AB58A7BA1C113BBA6A 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1ea90000 LB 0x00098000 C:\Windows\system32\uxtheme.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ea90000 'C:\Windows\system32\uxtheme.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\system32\user32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 
pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23cf0000 'C:\Windows\system32\SHCore.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1eb60000 LB 0x00029000 C:\Windows\system32\dwmapi.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\system32\winmm.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\system32\winmm.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 
4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ea90000 'C:\Windows\system32\uxtheme.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23960000 'C:\Windows\system32\advapi32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'profapi.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb200a0000 LB 0x00028000 C:\Windows\system32\userenv.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb200a0000 'C:\Windows\system32\userenv.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\kernel32.dll' 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb214d0000 LB 0x000a0000 C:\Windows\System32\clbcatq.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll' 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 4564.160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 4564.160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 
4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 4564.160: supR3HardenedDllNotificationCallback: load 00007ffadf3a0000 LB 0x003a0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 4564.160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf3a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 4564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 4564.160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust 4564.160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust] 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.160: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 4564.160: supR3HardenedDllNotificationCallback: load 00007ffaebe00000 LB 0x000d4000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0] 4564.160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaebe00000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll' 4564.160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 4564.160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23490000 'C:\Windows\System32\oleaut32.dll' 4564.534: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23060000 'C:\Windows\system32\gdi32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll' 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb23b70000 LB 0x00173000 C:\Windows\System32\MSCTF.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000098c pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B480615AD13C4A3DD6B7A2F86ED35195B9CA49 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; 
file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'oleaut32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'dxgi.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 4564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1ef20000 LB 0x000bb000 C:\Windows\system32\dxgi.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1d210000 LB 0x0030b000 C:\Windows\system32\d3d11.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1db50000 LB 0x0019c000 C:\Windows\system32\dcomp.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on 
\Device\HarddiskVolume3\Windows\System32\dcomp.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb078b0000 LB 0x00058000 C:\Windows\system32\dataexchange.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23060000 'C:\Windows\System32\gdi32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb078b0000 'C:\Windows\system32\dataexchange.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1e570000 LB 0x00021000 C:\Windows\system32\RMCLIENT.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1e5f0000 LB 0x001b8000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23cf0000 'C:\Windows\system32\Shcore.dll' 4564.534: 
supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'coreuicomponents.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'coremessaging.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcryptprimitives.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1f250000 LB 0x00031000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1e0f0000 LB 0x000da000 C:\Windows\System32\CoreMessaging.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1c100000 LB 0x0014d000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1c250000 LB 0x0031e000 C:\Windows\System32\CoreUIComponents.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1b060000 LB 0x00096000 C:\Windows\System32\TextInputFramework.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for 
'\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23490000 'C:\Windows\System32\OLEAUT32.DLL' 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll' 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll' 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23560000 'api-ms-win-core-com-l1-1-0.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\System32\MSCTF.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: 
pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1eb60000 'C:\Windows\system32\dwmapi.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ea90000 'C:\Windows\system32\uxtheme.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1eb60000 'C:\Windows\SYSTEM32\dwmapi.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a58 pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6868B70823C29BB44065B2BB121FA81DF77F96EB 4564.534: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shlwapi.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'comctl32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'shell32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\comdlg32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaf02b0000 LB 0x000a7000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\COMCTL32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb231c0000 LB 0x000ed000 C:\Windows\System32\comdlg32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll' [rescheduled] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb233a0000 'C:\Windows\System32\imm32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb231c0000 'C:\Windows\System32\comdlg32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1ca00000 LB 0x001b4000 C:\Windows\system32\propsys.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ca00000 'C:\Windows\system32\propsys.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 
4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20890000 'C:\Windows\system32\windows.storage.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Windows.Storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20890000 'C:\Windows\system32\Windows.Storage.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb0e840000 LB 0x00269000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 
'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaee570000 LB 0x000a5000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaee570000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'oleaut32.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\edputil.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\edputil.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffafecc0000 LB 0x00044000 C:\Windows\SYSTEM32\edputil.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\edputil.dll [avoiding WinVerifyTrust] 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b58 pwszName=\Device\HarddiskVolume3\Windows\System32\edputil.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A98AB64534C9A66B8A26B14B7D32ACFB4404796 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\edputil.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\edputil.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b4c pwszName=\Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B8481834FF5C50511102DBD4C26061CFFE0C0211 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'advapi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'imm32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'gdi32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\explorerframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaf7100000 LB 0x00495000 C:\Windows\system32\explorerframe.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf7100000 'C:\Windows\system32\explorerframe.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'. 
4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dui70.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dui70.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaec700000 LB 0x001ab000 C:\Windows\system32\DUI70.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dui70.dll [avoiding WinVerifyTrust] 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb4 pwszName=\Device\HarddiskVolume3\Windows\System32\dui70.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1510BF236857F46A8A0CA102946C0B1690491DC1 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1794_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\dui70.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dui70.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\Comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\duser.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\duser.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaef7a0000 LB 0x00093000 C:\Windows\system32\DUser.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\duser.dll [avoiding WinVerifyTrust] 4564.534: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\duser.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\duser.dll' [rescheduled] 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'. 4564.534: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll' 4564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\System32\user32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\duser.dll [redoing WinVerifyTrust] 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc4 pwszName=\Device\HarddiskVolume3\Windows\System32\duser.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EEE06C65A782886576C09832F69649332E5F519E 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0016~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\duser.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: 
supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\duser.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DUser.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaef7a0000 'C:\Windows\system32\DUser.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\System32\user32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1c740000 LB 0x001ae000 C:\Windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shcore.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\thumbcache.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\thumbcache.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaff880000 LB 0x0005c000 C:\Windows\System32\thumbcache.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaff880000 'C:\Windows\System32\thumbcache.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c48 pwszName=\Device\HarddiskVolume3\Windows\System32\msftedit.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=267BC169582C0D29EB8471C1650D1AC3042E0E15 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB4483234~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msftedit.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msftedit.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msftedit.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MsftEdit.dll (Input=MsftEdit.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msftedit.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb133d0000 LB 0x00339000 C:\Windows\System32\MsftEdit.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msftedit.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb133d0000 'C:\Windows\System32\MsftEdit.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb8 pwszName=\Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D87514FCF2BE2B92F22EEFA7D80B8E73FED8375B 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1302_for_KB4467702~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'oleaut32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'bcp47langs.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'bcp47mrm.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcp47mrm.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcp47mrm.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcp47mrm.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcp47langs.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcp47langs.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcp47langs.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.Globalization.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb13380000 LB 0x00050000 
C:\Windows\System32\Bcp47Langs.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb130c0000 LB 0x00029000 C:\Windows\System32\bcp47mrm.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb11000000 LB 0x00189000 C:\Windows\System32\Windows.Globalization.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb11000000 'C:\Windows\System32\Windows.Globalization.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcp47langs.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'user32.dll'. 
4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\globinputhost.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\globinputhost.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb1dd70000 LB 0x0002a000 C:\Windows\SYSTEM32\globinputhost.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\globinputhost.dll [avoiding WinVerifyTrust] 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d0c pwszName=\Device\HarddiskVolume3\Windows\System32\globinputhost.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1534582E3472A41541A3E597BA88F75001380C 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcp47langs.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcp47langs.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcp47langs.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package001021~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\globinputhost.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\globinputhost.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23a10000 'C:\Windows\System32\ole32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\System32\msctf.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll 4564.534: 
supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\system32\msctf.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\xmllite.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\xmllite.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\xmllite.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb17360000 LB 0x00039000 C:\Windows\system32\xmllite.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\xmllite.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17360000 'C:\Windows\system32\xmllite.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll (Input=shell32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000004001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 
'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'shcore.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\StructuredQuery.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb18550000 LB 0x000ab000 C:\Windows\System32\StructuredQuery.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18550000 'C:\Windows\System32\StructuredQuery.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d50 pwszName=\Device\HarddiskVolume3\Windows\System32\atlthunk.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2B5BAE9325DA4A6F17F099C18E3EF6C1C488D21B 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\atlthunk.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\atlthunk.dll) WinVerifyTrust 4564.534: 
supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\atlthunk.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\atlthunk.dll (Input=atlthunk.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\atlthunk.dll 4564.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 4564.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll) WinVerifyTrust 4564.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll 4564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.47b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\\Windows.StateRepositoryPS.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedDllNotificationCallback: load 00007ffaffb90000 LB 0x0000c000 C:\Windows\System32\atlthunk.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\atlthunk.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaffb90000 'C:\Windows\System32\atlthunk.dll' 4564.47b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll 4564.47b4: supR3HardenedDllNotificationCallback: load 00007ffb15a80000 LB 0x00131000 C:\Windows\System32\Windows.StateRepositoryPS.dll [fFlags=0x0] 4564.47b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll 4564.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb15a80000 'C:\Windows\System32\\Windows.StateRepositoryPS.dll' 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db4 pwszName=\Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F794961C62AEEEDBE3C6D284B2BED25756D6E295 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns 
rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll' 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'. 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'windows.storage.dll'. 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'windows.storage.dll'... 4564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll) WinVerifyTrust 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll 4564.21ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Windows.Storage.Search.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'windows.storage.dll' -> '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.21ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\xmllite.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffaf47e0000 LB 0x000bd000 C:\Windows\system32\Windows.Storage.Search.dll [fFlags=0x0] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17360000 'C:\Windows\system32\xmllite.dll' 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf47e0000 'C:\Windows\system32\Windows.Storage.Search.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'fltlib.dll'. 
4564.21ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cldapi.dll) 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cldapi.dll 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb11440000 LB 0x0001d000 C:\Windows\SYSTEM32\CLDAPI.dll [fFlags=0x0] 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cldapi.dll [avoiding WinVerifyTrust] 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df4 pwszName=\Device\HarddiskVolume3\Windows\System32\cldapi.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0FEA052919BDD1B162D19DBCEBB2A3111F687E2C 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume3\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cldapi.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for 
'\Device\HarddiskVolume3\Windows\System32\cldapi.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windowscodecs.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c740000 'C:\Windows\system32\windowscodecs.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb232b0000 LB 0x00074000 C:\Windows\System32\coml2.dll [fFlags=0x0] 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e80 pwszName=\Device\HarddiskVolume3\Windows\System32\drprov.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8CF9537AAD625E2E0D00B2260973DB1E67689249 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcryptprimitives.dll'. 
4564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\coml2.dll) 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\coml2.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\drprov.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll 4564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winsta.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drprov.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drprov.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winsta.dll'... 
4564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.21ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20890000 'C:\Windows\System32\windows.storage.dll' 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winsta.dll' -> '\Device\HarddiskVolume3\Windows\System32\winsta.dll' [rcNtRedir=0xc0150008] 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.21ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\linkinfo.dll) 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\linkinfo.dll 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb17160000 LB 0x0000d000 C:\Windows\SYSTEM32\LINKINFO.dll [fFlags=0x0] 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\linkinfo.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\coml2.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dec pwszName=\Device\HarddiskVolume3\Windows\System32\linkinfo.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79BC3FF6528CDFB9282EE87911AC3B0562B5DA4C 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winsta.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winsta.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\drprov.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drprov.dll 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winsta.dll 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1f2c0000 LB 0x00056000 C:\Windows\System32\WINSTA.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winsta.dll 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb17c20000 LB 0x0000b000 C:\Windows\System32\drprov.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drprov.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\linkinfo.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17c20000 'C:\Windows\System32\drprov.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\linkinfo.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ec4 pwszName=\Device\HarddiskVolume3\Windows\System32\ntlanman.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: 
hCatAdmin=0000000001153800 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD38B72E1A4E988BECE59A064EBFC4B1261047F1 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0016~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntlanman.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntlanman.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntlanman.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntlanman.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntlanman.dll 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf8a70000 LB 0x00016000 C:\Windows\System32\ntlanman.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntlanman.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8a70000 'C:\Windows\System32\ntlanman.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ebc pwszName=\Device\HarddiskVolume3\Windows\System32\davclnt.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=88420B1CF9DBB8B243714E5420E52E40098E7221 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\davclnt.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'davhlpr.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\davclnt.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\davclnt.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'davhlpr.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'davhlpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\davhlpr.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed8 pwszName=\Device\HarddiskVolume3\Windows\System32\davhlpr.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4A1E52EC251FF08444227F7EF4901D327D1E05C9 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\davhlpr.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\davhlpr.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\davhlpr.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\davclnt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davclnt.dll 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davhlpr.dll 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb17820000 LB 0x0000c000 C:\Windows\System32\DAVHLPR.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davhlpr.dll 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf8570000 LB 0x0001d000 C:\Windows\System32\davclnt.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davclnt.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8570000 'C:\Windows\System32\davclnt.dll' 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drprov.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\drprov.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17c20000 'C:\Windows\System32\drprov.dll' 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [redoing 
WinVerifyTrust] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll' 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntlanman.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntlanman.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8a70000 'C:\Windows\System32\ntlanman.dll' 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bcrypt.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wkscli.dll) 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wkscli.dll 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb17d70000 LB 0x00017000 C:\Windows\System32\wkscli.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wkscli.dll [avoiding WinVerifyTrust] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wkscli.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000edc pwszName=\Device\HarddiskVolume3\Windows\System32\cscapi.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4DB1D8118927E8E6291E31AA26ECDAD1B680670B 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cscapi.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cscapi.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cscapi.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscapi.dll (Input=cscapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscapi.dll 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb076f0000 LB 0x00012000 C:\Windows\System32\cscapi.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscapi.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb076f0000 'C:\Windows\System32\cscapi.dll' 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netutils.dll) 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netutils.dll 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1f8a0000 LB 0x0000e000 C:\Windows\System32\netutils.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netutils.dll [avoiding WinVerifyTrust] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2ef0: 
supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 4564.2ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'combase.dll'. 4564.2ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll) WinVerifyTrust 4564.2ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll 4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OneCoreUAPCommonProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.2ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll 4564.2ef0: supR3HardenedDllNotificationCallback: load 00007ffb1b5d0000 LB 0x0069b000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [fFlags=0x0] 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1b5d0000 'C:\Windows\System32\OneCoreUAPCommonProxyStub.dll' 4564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll' 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davclnt.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\davclnt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8570000 'C:\Windows\System32\davclnt.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed0 pwszName=\Device\HarddiskVolume3\Windows\System32\twinapi.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 
4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4E551B01F33916D559CF2E2ACE2E65C9DBD107C6 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\twinapi.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'textinputframework.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume3\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\twinapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb01e90000 LB 0x0009b000 C:\Windows\System32\twinapi.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01e90000 'C:\Windows\System32\twinapi.dll' 4564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll (Input=shell32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000004001: [calling] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.2e34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll) 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1e470000 LB 0x0008b000 C:\Windows\SYSTEM32\apphelp.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit 
(Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [avoiding WinVerifyTrust] 4564.2e34: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\apphelp.dll'. 4564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' [rescheduled] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fb4 pwszName=\Device\HarddiskVolume3\Windows\System32\dlnashext.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D786B11B93546459BB0959B74ABE557AA296AE50 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Media-Streaming-avcore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dlnashext.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'oleaut32.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dlnashext.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dlnashext.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dlnashext.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dlnashext.dll 4564.534: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports 4564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll) 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll 4564.534: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000fc8 (hFile=0000000000000ff4) with 0xc0000022 -> STATUS_TRUST_FAILURE 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000ff4 (hFile=0000000000000fc8) with 0xc0000022 -> STATUS_TRUST_FAILURE 
4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf00f0000 LB 0x0004a000 C:\Windows\System32\dlnashext.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dlnashext.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf00f0000 'C:\Windows\System32\dlnashext.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fec pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19F6C79DBE47B428474B0A1A94D7A4925FA87FE8 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1025_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001024 pwszName=\Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F63EA59A2FE63EFA3A4F1A8F43E961B943894F0A 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 
'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msctf.dll (Input=msctf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\System32\msctf.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PlayToDevice.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001074 pwszName=\Device\HarddiskVolume3\Windows\System32\actxprxy.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C369042ADB3C740797A470FD44D69B8D07FF6061 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0018~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\actxprxy.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 
'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\actxprxy.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\actxprxy.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ActXPrxy.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf56d0000 LB 0x00063000 C:\Windows\System32\PlayToDevice.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf56d0000 'C:\Windows\System32\PlayToDevice.dll' 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\actxprxy.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffafc190000 LB 0x00097000 C:\Windows\System32\ActXPrxy.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\actxprxy.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafc190000 'C:\Windows\System32\ActXPrxy.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.3f28: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DevDispItemProvider.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.4a64: \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 df 3e 1c 38 f6 e1 a9 82 7f d7 91 40 e9 03 00 00) 4564.4a64: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll) 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'. 
4564.4a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll 4564.4a64: Error (rc=0): 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf5480000 LB 0x0001e000 C:\Windows\System32\DevDispItemProvider.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf5480000 'C:\Windows\System32\DevDispItemProvider.dll' 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190 4564.4a64: supR3HardenedMonitor_LdrLoadDll: 
returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 
'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' 
4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll 4564.4a64: Error (rc=0): 4564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011d8 pwszName=\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9A51702A19F6C63BB83D147F8FD87592666F211D 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 
'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll' 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll' 4564.4a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'. 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'. 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'. 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'. 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'. 4564.4a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll) WinVerifyTrust 4564.4a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 
4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 4564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'devobj.dll'. 4564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'propsys.dll'. 4564.4200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust 4564.4200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] 4564.4200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 
4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'cfgmgr32.dll'. 4564.4200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust 4564.4200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 4564.4200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust] 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'. 4564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'. 
4564.4a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust 4564.4a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 4564.4a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comctl32.dll 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 4564.4a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] 4564.4a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 4564.4200: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 4564.4200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4564.4200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.4200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 4564.4a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.4200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll 4564.4200: supR3HardenedDllNotificationCallback: load 00007ffb1ffb0000 LB 0x00027000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0] 4564.4200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll 4564.4200: supR3HardenedDllNotificationCallback: load 00007ffb16440000 LB 0x00076000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0] 4564.4200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 4564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb16440000 'C:\Windows\System32\MMDevApi.dll' 4564.4a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010a8 pwszName=\Device\HarddiskVolume3\Windows\System32\wpdshext.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF411C4284357D09E896CD865422547CE8E1E425 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 
'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WPD-UltimatePortableDeviceFeature-Feature-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wpdshext.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdiplus.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wpdshext.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wpdshext.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'... 
4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdiplus.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdiplus.dll' [rcNtRedir=0x0] 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000124c pwszName=\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B29157056BC84628E10AAF028774225400A820FA 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1813_for_KB4471324~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\GdiPlus.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 
4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wpdshext.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.4a64: supR3HardenedDllNotificationCallback: load 00007ffb22bb0000 LB 0x0044b000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0] 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 4564.4a64: supR3HardenedDllNotificationCallback: load 00007ffafe680000 LB 0x00037000 C:\Windows\System32\EhStorShell.dll [fFlags=0x0] 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe680000 'C:\Windows\System32\EhStorShell.dll' 4564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll 4564.4a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe680000 'C:\Windows\System32\EhStorShell.dll' 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wpdshext.dll 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.21ac: Error (rc=0): 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 
\Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll 4564.21ac: Error (rc=0): 4564.21ac: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll) 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.21ac: Error (rc=0): 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll 4564.21ac: Error (rc=0): 4564.21ac: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190 4564.21ac: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012f4 pwszName=\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaff6d0000 LB 0x0019a000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\gdiplus.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll [avoiding WinVerifyTrust] 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf66d0000 LB 0x001e1000 C:\Windows\system32\wpdshext.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wpdshext.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf66d0000 'C:\Windows\system32\wpdshext.dll' 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\Comctl32.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\Comctl32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001364 pwszName=\Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000a88a840 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B7CC541089F78F23129583FF74E5C38F6B5E14C2 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9D766A36B546A5168A943DF2989F836F88CA44D2 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WPD-UltimatePortableDeviceFeature-Feature-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.21ac: 
supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1813_for_KB4483234~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll' 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PortableDeviceApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll 4564.21ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.21ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll' 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf10b0000 
LB 0x0009c000 C:\Windows\System32\PortableDeviceApi.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf10b0000 'C:\Windows\System32\PortableDeviceApi.dll' 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2a6c: Error (rc=0): 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll 4564.2a6c: Error (rc=0): 4564.2a6c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190 4564.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on 
\Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013bc pwszName=\Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C79A9C7FF4206A48DABB389F73838D462F3034B6 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on 
\Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll' 4564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'. 
4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'. 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wtsapi32.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll) WinVerifyTrust 4564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 
4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorAPI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll 4564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1cbf0000 LB 0x00013000 C:\Windows\System32\WTSAPI32.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll 4564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaef850000 LB 0x00025000 C:\Windows\System32\EhStorAPI.dll [fFlags=0x0] 4564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit 
(VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaef850000 'C:\Windows\System32\EhStorAPI.dll' 4564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'. 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'. 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'sspicli.dll'. 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'. 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'propsys.dll'. 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'. 4564.21ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ntshrui.dll) 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntshrui.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume3\Windows\System32\ntshrui.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31DC55F045F3A7865880C09562CB550FA861F0DD 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 4564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sspicli.dll) 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sspicli.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sspicli.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'sspicli.dll' -> '\Device\HarddiskVolume3\Windows\System32\sspicli.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sspicli.dll [lacks WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb200d0000 LB 0x00030000 C:\Windows\SYSTEM32\SspiCli.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sspicli.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffafcef0000 LB 0x000da000 C:\Windows\SYSTEM32\ntshrui.dll [fFlags=0x0] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ntshrui.dll [avoiding WinVerifyTrust] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 
4564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\srvcli.dll) 4564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\srvcli.dll 4564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb0a090000 LB 0x00026000 C:\Windows\SYSTEM32\srvcli.dll [fFlags=0x0] 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\srvcli.dll [avoiding WinVerifyTrust] 4564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntshrui.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntshrui.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd0 pwszName=\Device\HarddiskVolume3\Windows\System32\networkexplorer.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.21ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for 
'\Device\HarddiskVolume3\Windows\System32\srvcli.dll' 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46012622E4C634E9BD2E2CD2F9AD4B70A49688AA 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\networkexplorer.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ole32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'shlwapi.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'shell32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'propsys.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'gdi32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\networkexplorer.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\networkexplorer.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 4564.21ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sspicli.dll' 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 4564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscapi.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 4564.21ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscapi.dll (Input=cscapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb076f0000 'C:\Windows\System32\cscapi.dll' 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NetworkExplorer.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\networkexplorer.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffae8f70000 LB 0x00127000 C:\Windows\system32\NetworkExplorer.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\networkexplorer.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8f70000 'C:\Windows\system32\NetworkExplorer.dll' 4564.3f28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 
'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedDllNotificationCallback: Unload 00007ffb133d0000 LB 0x00339000 C:\Windows\System32\MsftEdit.dll [flags=0x0] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll' 4564.534: supR3HardenedDllNotificationCallback: Unload 00007ffb17360000 LB 0x00039000 C:\Windows\system32\xmllite.dll [flags=0x0] 4564.2e34: supR3HardenedDllNotificationCallback: Unload 00007ffaf66d0000 LB 0x001e1000 C:\Windows\system32\wpdshext.dll [flags=0x0] 4564.2e34: supR3HardenedDllNotificationCallback: Unload 00007ffaff6d0000 LB 0x0019a000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\gdiplus.dll [flags=0x0] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23a10000 'C:\Windows\System32\ole32.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23490000 'C:\Windows\System32\OLEAUT32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001010 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D49375F38056AA009353FFDCCD59474093558A8B 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=85E1C37A6BD4306E57F09FFDB448860467295EFB 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb106c0000 LB 0x00083000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb0c410000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c410000 'C:\Windows\system32\wbem\wbemprox.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 
4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38422F12A30C69B303E7EBE427C8D87E3024ED12 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb0ee90000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0ee90000 'C:\Windows\system32\wbem\wbemsvc.dll' 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-l1-2-0.dll' 4564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b48 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.534: 
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07493B638EF356F68BE9306C76CDBF2D22198E5A 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll' 4564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'. 4564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust 4564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 4564.534: supR3HardenedDllNotificationCallback: load 00007ffb0ecc0000 LB 0x000f2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0] 4564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 4564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0ecc0000 'C:\Windows\system32\wbem\fastprox.dll' 4564.4540: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 4564.4540: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust 4564.4540: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 
4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] 4564.4540: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 4564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 4564.4540: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust 4564.4540: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 4564.4540: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
4564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.4540: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.4540: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 4564.4540: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll 4564.4540: supR3HardenedDllNotificationCallback: load 0000000075260000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0] 4564.4540: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll 4564.4540: supR3HardenedDllNotificationCallback: load 00007ffaee110000 LB 0x00325000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] 4564.4540: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 4564.4540: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaee110000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 4564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 4564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 
4564.1b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust 4564.1b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 4564.1b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
4564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.1b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.1b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 4564.1b24: supR3HardenedDllNotificationCallback: load 00007ffb1bfe0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] 4564.1b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 4564.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1bfe0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' 4564.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\system32\User32.dll' 4564.2988: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 4564.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 4564.2988: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust 4564.2988: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.2988: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2988: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 4564.2988: supR3HardenedDllNotificationCallback: load 00007ffb18630000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] 4564.2988: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 4564.2988: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18630000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\Shell32.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf8 pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 
wszDigest=2A7181E087C6ECA0DCCA8A166331DF79FF089117 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vid.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'... 
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf4 pwszName=\Device\HarddiskVolume3\Windows\System32\vid.dll 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F454C22DC5AFF4C1E546711FF3DA50D9DE5A940C 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-VID-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\vid.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'devobj.dll'. 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb182b0000 LB 0x0000f000 C:\Windows\SYSTEM32\vid.dll [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb17a60000 LB 0x00018000 C:\Windows\system32\WinHvPlatform.dll [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17a60000 'C:\Windows\system32\WinHvPlatform.dll' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb182b0000 'C:\Windows\system32\vid.dll' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NTDLL.DLL (rcNtResolve=0xc0150008) 
*pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\system32\NTDLL.DLL' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 
4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffaedf40000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit 
(VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffaf5500000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1f7a0000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffada7a0000 LB 0x009d7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffada7a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf3a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) 
*pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf5500000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2994: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.2994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 4564.2994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 4564.2994: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust 4564.2994: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 4564.2994: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
4564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.2994: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2994: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 4564.2994: supR3HardenedDllNotificationCallback: load 00007ffb10f70000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] 4564.2994: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 4564.2994: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10f70000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' 4564.49b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 4564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 4564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 4564.49b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust 4564.49b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 4564.49b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 4564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.49b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.49b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 4564.49b4: supR3HardenedDllNotificationCallback: load 00007ffb17be0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] 4564.49b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 4564.49b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17be0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' 4564.4af8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 
4564.4af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 4564.4af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 4564.4af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 4564.4af8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust 4564.4af8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
4564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 4564.4af8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.4af8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 4564.4af8: supR3HardenedDllNotificationCallback: load 00007ffb177f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] 4564.4af8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 4564.4af8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb177f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f7a0000 'C:\Windows\system32\Iphlpapi.dll' 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'. 
4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb21320000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0] 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb16d30000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust] 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll) 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb16d10000 LB 0x00016000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust] 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'. 
4564.2c6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll) 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb16cf0000 LB 0x0001a000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust] 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001088 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F7955EB983A0B99F7EADAA9D82F084658BFF7D9 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_998_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f60 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D65F2124F64B53555EFB8BC0D52BFD144939BAA4 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 
'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_998_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000014a8 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5473BCFF580489A320314B844E6D3DC42BA47DE8 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 
'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'. 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb14c00000 LB 0x0008f000 C:\Windows\System32\dsound.dll [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\System32\dsound.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\System32\dsound.dll' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\system32\dsound.dll' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns 
rcNt=0x0 hMod=00007ffb16440000 'C:\Windows\System32\MMDEVAPI.DLL' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000014bc pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=177AADB38B3BB8D75072CC704861E1B81617F092 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'. 
4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb19ea0000 LB 0x00009000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1c730000 LB 0x0000a000 
C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffafdde0000 LB 0x00044000 C:\Windows\System32\wdmaud.drv [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: 
pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'. 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb14ec0000 LB 0x0012c000 C:\Windows\System32\AUDIOSES.DLL [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14ec0000 'C:\Windows\System32\AUDIOSES.DLL' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on 
\Device\HarddiskVolume3\Windows\System32\wdmaud.drv 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013b0 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7886E1CCA739C1E5ED73D45A3FBDDF8A54FC7C0F 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv' 4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'. 
4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'. 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'. 4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll' 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll' 4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust 4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv 4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb18760000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll 4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1cc10000 LB 0x0000d000 C:\Windows\System32\msacm32.drv [fFlags=0x0] 4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on 
\Device\HarddiskVolume3\Windows\System32\msacm32.drv
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001520 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1DAEA3709B4BD5475FA0919C8463CA4834E4BC26
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
4564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
4564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
4564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
4564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling]
4564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
4564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1c0f0000 LB 0x0000a000 C:\Windows\System32\midimap.dll [fFlags=0x0]
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling]
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\system32\dsound.dll'
4564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb15a80000 LB 0x00131000 C:\Windows\System32\Windows.StateRepositoryPS.dll [flags=0x0]
4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb11000000 LB 0x00189000 C:\Windows\System32\Windows.Globalization.dll [flags=0x0]
4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb130c0000 LB 0x00029000 C:\Windows\System32\bcp47mrm.dll [flags=0x0]
4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb1dd70000 LB 0x0002a000 C:\Windows\SYSTEM32\globinputhost.dll [flags=0x0]
4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb13380000 LB 0x00050000 C:\Windows\System32\Bcp47Langs.dll [flags=0x0]
4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaf10b0000 LB 0x0009c000 C:\Windows\System32\PortableDeviceApi.dll [flags=0x0]
4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaf47e0000 LB 0x000bd000 C:\Windows\system32\Windows.Storage.Search.dll [flags=0x0]
4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaef850000 LB 0x00025000 C:\Windows\System32\EhStorAPI.dll [flags=0x0]
4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb1cbf0000 LB 0x00013000 C:\Windows\System32\WTSAPI32.dll [flags=0x0]
4564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaf56d0000 LB 0x00063000 C:\Windows\System32\PlayToDevice.dll [flags=0x0]