6674.5c8c: Log file opened: 5.2.6r120293 g_hStartupLog=000000000000006c g_uNtVerCombined=0xa03ad700 6674.5c8c: \SystemRoot\System32\ntdll.dll: 6674.5c8c: CreationTime: 2017-03-18T20:57:39.201977500Z 6674.5c8c: LastWriteTime: 2018-09-12T18:39:34.215217200Z 6674.5c8c: ChangeTime: 2018-09-12T18:44:11.683982200Z 6674.5c8c: FileAttributes: 0x20 6674.5c8c: Size: 0x1d7450 6674.5c8c: NT Headers: 0xe0 6674.5c8c: Timestamp: 0xb79b6ddb 6674.5c8c: Machine: 0x8664 - amd64 6674.5c8c: Timestamp: 0xb79b6ddb 6674.5c8c: Image Version: 10.0 6674.5c8c: SizeOfImage: 0x1db000 (1945600) 6674.5c8c: Resource Dir: 0x170000 LB 0x69398 6674.5c8c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 6674.5c8c: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)] 6674.5c8c: ProductName: Microsoft® Windows® Operating System 6674.5c8c: ProductVersion: 10.0.15063.0 6674.5c8c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800) 6674.5c8c: FileDescription: NT Layer DLL 6674.5c8c: \SystemRoot\System32\kernel32.dll: 6674.5c8c: CreationTime: 2017-03-18T20:57:15.887502700Z 6674.5c8c: LastWriteTime: 2018-09-12T18:34:59.800021300Z 6674.5c8c: ChangeTime: 2018-09-12T02:57:32.979381100Z 6674.5c8c: FileAttributes: 0x20 6674.5c8c: Size: 0xad068 6674.5c8c: NT Headers: 0xf8 6674.5c8c: Timestamp: 0x17a3637d 6674.5c8c: Machine: 0x8664 - amd64 6674.5c8c: Timestamp: 0x17a3637d 6674.5c8c: Image Version: 10.0 6674.5c8c: SizeOfImage: 0xae000 (712704) 6674.5c8c: Resource Dir: 0xac000 LB 0x520 6674.5c8c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 6674.5c8c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 6674.5c8c: ProductName: Microsoft® Windows® Operating System 6674.5c8c: ProductVersion: 10.0.15063.0 6674.5c8c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800) 6674.5c8c: FileDescription: Windows NT BASE API Client DLL 6674.5c8c: \SystemRoot\System32\KernelBase.dll: 6674.5c8c: CreationTime: 2017-03-18T20:57:35.951701900Z 6674.5c8c: LastWriteTime: 2018-09-12T18:37:42.594005400Z 6674.5c8c: ChangeTime: 2018-09-12T02:57:35.089386700Z 6674.5c8c: FileAttributes: 0x20 6674.5c8c: Size: 0x249bf0 6674.5c8c: NT Headers: 0x100 6674.5c8c: Timestamp: 0x461a0ff5 6674.5c8c: Machine: 0x8664 - amd64 6674.5c8c: Timestamp: 0x461a0ff5 6674.5c8c: Image Version: 10.0 6674.5c8c: SizeOfImage: 0x249000 (2396160) 6674.5c8c: Resource Dir: 0x22a000 LB 0x548 6674.5c8c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 6674.5c8c: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 6674.5c8c: ProductName: Microsoft® Windows® Operating System 6674.5c8c: ProductVersion: 10.0.15063.0 6674.5c8c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800) 6674.5c8c: FileDescription: Windows NT BASE API Client DLL 6674.5c8c: \SystemRoot\System32\apisetschema.dll: 6674.5c8c: CreationTime: 2017-03-18T20:57:35.373527900Z 6674.5c8c: LastWriteTime: 2017-03-18T20:57:35.373527900Z 6674.5c8c: ChangeTime: 2018-09-14T08:35:56.552540200Z 6674.5c8c: FileAttributes: 0x80 6674.5c8c: Size: 0x1ada0 6674.5c8c: NT Headers: 0xc0 6674.5c8c: Timestamp: 0x76544b2 6674.5c8c: Machine: 0x8664 - amd64 6674.5c8c: Timestamp: 0x76544b2 6674.5c8c: Image Version: 10.0 6674.5c8c: SizeOfImage: 0x1b000 (110592) 6674.5c8c: Resource Dir: 0x1a000 LB 0x408 6674.5c8c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 6674.5c8c: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 6674.5c8c: ProductName: Microsoft® Windows® Operating System 6674.5c8c: ProductVersion: 10.0.15063.0 6674.5c8c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800) 6674.5c8c: FileDescription: ApiSet Schema DLL 6674.5c8c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 6674.5c8c: supR3HardenedWinFindAdversaries: 0x18 6674.5c8c: \SystemRoot\System32\drivers\tmcomm.sys: 6674.5c8c: CreationTime: 2018-09-24T16:02:24.000000000Z 6674.5c8c: LastWriteTime: 2018-09-24T16:02:24.000000000Z 6674.5c8c: ChangeTime: 2018-12-19T09:55:32.419063300Z 6674.5c8c: FileAttributes: 0x20 6674.5c8c: Size: 0x6c0b8 6674.5c8c: NT Headers: 0xf0 6674.5c8c: Timestamp: 0x5ba22a62 6674.5c8c: Machine: 0x8664 - amd64 6674.5c8c: Timestamp: 0x5ba22a62 6674.5c8c: Image Version: 10.0 6674.5c8c: SizeOfImage: 0x6d000 (446464) 6674.5c8c: Resource Dir: 0x6b000 LB 0x568 6674.5c8c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 6674.5c8c: [Raw version resource data: 0x6b060 LB 0x504, codepage 0x0 (reserved 0x0)] 6674.5c8c: ProductName: Trend Micro Eyes 6674.5c8c: ProductVersion: 7.0 6674.5c8c: FileVersion: 7.0.0.1162 6674.5c8c: SpecialBuild: 1162 6674.5c8c: PrivateBuild: Build 1162 - 9/19/2018 6674.5c8c: FileDescription: TrendMicro Common Module 6674.5c8c: \SystemRoot\System32\drivers\tmactmon.sys: 6674.5c8c: CreationTime: 2018-10-01T18:24:54.000000000Z 6674.5c8c: LastWriteTime: 2018-10-01T18:24:54.000000000Z 6674.5c8c: ChangeTime: 2018-12-19T09:55:32.559663200Z 6674.5c8c: FileAttributes: 0x20 6674.5c8c: Size: 0x20dd0 6674.5c8c: NT Headers: 0xe8 6674.5c8c: Timestamp: 0x5bac4c1c 6674.5c8c: Machine: 0x8664 - amd64 6674.5c8c: Timestamp: 0x5bac4c1c 6674.5c8c: Image Version: 6.0 6674.5c8c: SizeOfImage: 0x24000 (147456) 6674.5c8c: Resource Dir: 0x22000 LB 0x590 6674.5c8c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 6674.5c8c: [Raw version resource data: 0x22060 LB 0x52c, codepage 0x0 (reserved 0x0)] 6674.5c8c: ProductName: Trend Micro AEGIS 6674.5c8c: ProductVersion: 2.976 6674.5c8c: FileVersion: 2.976.0.2193 6674.5c8c: SpecialBuild: 2193 6674.5c8c: PrivateBuild: Build 2193 - 9/27/2018 6674.5c8c: FileDescription: TrendMicro Activity Monitor Module 6674.5c8c: \SystemRoot\System32\drivers\tmevtmgr.sys: 6674.5c8c: CreationTime: 2018-10-01T18:24:58.000000000Z 6674.5c8c: LastWriteTime: 2018-10-01T18:24:58.000000000Z 6674.5c8c: ChangeTime: 2018-12-19T09:55:32.465901000Z 6674.5c8c: FileAttributes: 0x20 6674.5c8c: Size: 0x18830 6674.5c8c: NT Headers: 0xe8 6674.5c8c: Timestamp: 0x5bac4c1a 6674.5c8c: Machine: 0x8664 - amd64 6674.5c8c: Timestamp: 0x5bac4c1a 6674.5c8c: Image Version: 6.0 6674.5c8c: SizeOfImage: 0x19000 (102400) 6674.5c8c: Resource Dir: 0x17000 LB 0x590 6674.5c8c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 6674.5c8c: [Raw version resource data: 0x17060 LB 0x52c, codepage 0x0 (reserved 0x0)] 6674.5c8c: ProductName: Trend Micro AEGIS 6674.5c8c: ProductVersion: 2.976 6674.5c8c: FileVersion: 2.976.0.2193 6674.5c8c: SpecialBuild: 2193 6674.5c8c: PrivateBuild: Build 2193 - 9/27/2018 6674.5c8c: FileDescription: TrendMicro Event Management Module 6674.5c8c: \SystemRoot\System32\drivers\tmebc64.sys: 6674.5c8c: CreationTime: 2016-04-21T03:08:10.000000000Z 6674.5c8c: LastWriteTime: 2016-04-21T03:08:10.000000000Z 6674.5c8c: ChangeTime: 2018-12-19T09:55:57.328693600Z 6674.5c8c: FileAttributes: 0x20 6674.5c8c: Size: 0x11b38 6674.5c8c: NT Headers: 0xf8 6674.5c8c: Timestamp: 0x564ac673 6674.5c8c: Machine: 0x8664 - amd64 6674.5c8c: Timestamp: 0x564ac673 6674.5c8c: Image Version: 6.0 6674.5c8c: SizeOfImage: 0x12000 (73728) 6674.5c8c: Resource Dir: 0x10000 LB 0x6f8 6674.5c8c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 6674.5c8c: [Raw version resource data: 0x10060 LB 0x694, codepage 0x0 (reserved 0x0)] 6674.5c8c: ProductName: Trend Micro Early Boot Clean 6674.5c8c: ProductVersion: 1.5 6674.5c8c: FileVersion: 1.5.0.1023 6674.5c8c: SpecialBuild: 1023 6674.5c8c: PrivateBuild: Build 1023 - 11/17/2015 6674.5c8c: FileDescription: Trend Micro early boot driver 6674.5c8c: \SystemRoot\System32\drivers\tmeevw.sys: 6674.5c8c: CreationTime: 2017-04-25T07:39:52.000000000Z 6674.5c8c: LastWriteTime: 2017-04-25T07:39:52.000000000Z 6674.5c8c: ChangeTime: 2018-12-19T09:55:11.635558300Z 6674.5c8c: FileAttributes: 0x20 6674.5c8c: Size: 0x22ed8 6674.5c8c: NT Headers: 0xf8 6674.5c8c: Timestamp: 0x58f08d99 6674.5c8c: Machine: 0x8664 - amd64 6674.5c8c: Timestamp: 0x58f08d99 6674.5c8c: Image Version: 10.0 6674.5c8c: SizeOfImage: 0x23000 (143360) 6674.5c8c: Resource Dir: 0x1d000 LB 0x4df0 6674.5c8c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 6674.5c8c: [Raw version resource data: 0x218fc LB 0x4f4, codepage 0x4e4 (reserved 0x0)] 6674.5c8c: ProductName: Trend Micro EagleEye 6674.5c8c: ProductVersion: 3.0 6674.5c8c: FileVersion: 3.0.0.1005 6674.5c8c: SpecialBuild: 1005 6674.5c8c: PrivateBuild: Build 1005 - 4/14/2017 6674.5c8c: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre) 6674.5c8c: \SystemRoot\System32\drivers\sakfile.sys: 6674.5c8c: CreationTime: 2018-12-19T13:56:21.051912800Z 6674.5c8c: LastWriteTime: 2018-09-28T06:38:12.000000000Z 6674.5c8c: ChangeTime: 2019-01-22T00:16:11.186074400Z 6674.5c8c: FileAttributes: 0x20 6674.5c8c: Size: 0x1fdf0 6674.5c8c: NT Headers: 0xe0 6674.5c8c: Timestamp: 0x5bab5f62 6674.5c8c: Machine: 0x8664 - amd64 6674.5c8c: Timestamp: 0x5bab5f62 6674.5c8c: Image Version: 0.0 6674.5c8c: SizeOfImage: 0x20000 (131072) 6674.5c8c: Resource Dir: 0x1e000 LB 0x558 6674.5c8c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 6674.5c8c: [Raw version resource data: 0x1e060 LB 0x4f4, codepage 0x0 (reserved 0x0)] 6674.5c8c: ProductName: OfficeScan - Data Protection (DLPE-SDK) 6674.5c8c: ProductVersion: 6.2 6674.5c8c: FileVersion: 6.2.0.1235 6674.5c8c: SpecialBuild: 1235 6674.5c8c: PrivateBuild: Build 1235 - 9/26/2018 6674.5c8c: FileDescription: Trend Micro Data Loss Prevention Driver 6674.5c8c: \SystemRoot\System32\drivers\sakcd.sys: 6674.5c8c: CreationTime: 2018-12-19T13:56:21.051912800Z 6674.5c8c: LastWriteTime: 2018-09-28T06:38:12.000000000Z 6674.5c8c: ChangeTime: 2019-01-22T00:16:11.326719700Z 6674.5c8c: FileAttributes: 0x20 6674.5c8c: Size: 0x17278 6674.5c8c: NT Headers: 0xf0 6674.5c8c: Timestamp: 0x5aa0b500 6674.5c8c: Machine: 0x8664 - amd64 6674.5c8c: Timestamp: 0x5aa0b500 6674.5c8c: Image Version: 5.0 6674.5c8c: SizeOfImage: 0x15000 (86016) 6674.5c8c: Resource Dir: 0x13000 LB 0x518 6674.5c8c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 6674.5c8c: [Raw version resource data: 0x13060 LB 0x4b4, codepage 0x0 (reserved 0x0)] 6674.5c8c: ProductName: OfficeScan - Data Protection (DLPE-SDK) 6674.5c8c: ProductVersion: 6.2 6674.5c8c: FileVersion: 6.2.0.1184 6674.5c8c: SpecialBuild: 1184 6674.5c8c: PrivateBuild: Build 1184 - 3/8/2018 6674.5c8c: FileDescription: Trend Micro Data Loss Prevention Driver 6674.5c8c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 6674.5c8c: Calling main() 6674.5c8c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 6674.5c8c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 6674.5c8c: SUPR3HardenedMain: Respawn #1 6674.5c8c: System32: \Device\HarddiskVolume4\Windows\System32 6674.5c8c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 6674.5c8c: KnownDllPath: C:\WINDOWS\System32 6674.5c8c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 6674.5c8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 6674.5c8c: supR3HardNtEnableThreadCreation: 6674.5c8c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe786a9ad0 pvNtTerminateThread=00007ffe786d5e00 6674.5c8c: supR3HardenedWinDoReSpawn(1): New child 678c.5edc [kernel32]. 6674.5c8c: supR3HardNtChildGatherData: PebBaseAddress=0000000000ffa000 cbPeb=0x388 6674.5c8c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe78630000 uNtDllChildAddr=00007ffe78630000 6674.5c8c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe786a9ad0 6674.5c8c: supR3HardenedWinSetupChildInit: Start child. 6674.5c8c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 6674.5c8c: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 61 sleeps 6674.5c8c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 6674.5c8c: *0000000000000000-0000000000cbffff 0x0001/0x0000 0x0000000 6674.5c8c: *0000000000cc0000-0000000000cdffff 0x0004/0x0004 0x0020000 6674.5c8c: *0000000000ce0000-0000000000cf7fff 0x0002/0x0002 0x0040000 6674.5c8c: 0000000000cf8000-0000000000cfffff 0x0001/0x0000 0x0000000 6674.5c8c: *0000000000d00000-0000000000dfafff 0x0000/0x0004 0x0020000 6674.5c8c: 0000000000dfb000-0000000000dfdfff 0x0104/0x0004 0x0020000 6674.5c8c: 0000000000dfe000-0000000000dfffff 0x0004/0x0004 0x0020000 6674.5c8c: *0000000000e00000-0000000000ff9fff 0x0000/0x0004 0x0020000 6674.5c8c: 0000000000ffa000-0000000000ffcfff 0x0004/0x0004 0x0020000 6674.5c8c: 0000000000ffd000-0000000000ffffff 0x0000/0x0004 0x0020000 6674.5c8c: *0000000001000000-0000000001003fff 0x0002/0x0002 0x0040000 6674.5c8c: 0000000001004000-000000000100ffff 0x0001/0x0000 0x0000000 6674.5c8c: *0000000001010000-0000000001010fff 0x0004/0x0004 0x0020000 6674.5c8c: 0000000001011000-000000007ffdffff 0x0001/0x0000 0x0000000 6674.5c8c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 6674.5c8c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 6674.5c8c: 000000007fff0000-00007ff66bc5ffff 0x0001/0x0000 0x0000000 6674.5c8c: *00007ff66bc60000-00007ff66bc82fff 0x0002/0x0002 0x0040000 6674.5c8c: 00007ff66bc83000-00007ff66c86ffff 0x0001/0x0000 0x0000000 6674.5c8c: *00007ff66c870000-00007ff66c870fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 6674.5c8c: 00007ff66c871000-00007ff66c8e1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 6674.5c8c: 00007ff66c8e2000-00007ff66c8e2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 6674.5c8c: 00007ff66c8e3000-00007ff66c928fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 6674.5c8c: 00007ff66c929000-00007ff66c929fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 6674.5c8c: 00007ff66c92a000-00007ff66c92afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 6674.5c8c: 00007ff66c92b000-00007ff66c92ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 6674.5c8c: 00007ff66c930000-00007ff66c930fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 6674.5c8c: 00007ff66c931000-00007ff66c931fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 6674.5c8c: 00007ff66c932000-00007ff66c935fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 6674.5c8c: 00007ff66c936000-00007ff66c97dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 6674.5c8c: 00007ff66c97e000-00007ffe7862ffff 0x0001/0x0000 0x0000000 6674.5c8c: *00007ffe78630000-00007ffe78630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 6674.5c8c: 00007ffe78631000-00007ffe7873ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 6674.5c8c: 00007ffe78740000-00007ffe78784fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 6674.5c8c: 00007ffe78785000-00007ffe7878afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 6674.5c8c: 00007ffe7878b000-00007ffe7878bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 6674.5c8c: 00007ffe7878c000-00007ffe7878cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 6674.5c8c: 00007ffe7878d000-00007ffe7879afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 6674.5c8c: 00007ffe7879b000-00007ffe7879bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 6674.5c8c: 00007ffe7879c000-00007ffe7879efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 6674.5c8c: 00007ffe7879f000-00007ffe7880afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 6674.5c8c: 00007ffe7880b000-00007ffffffdffff 0x0001/0x0000 0x0000000 6674.5c8c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 6674.5c8c: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS) 6674.5c8c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 6674.5c8c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports 6674.5c8c: supR3HardNtChildPurify: Done after 571 ms and 0 fixes (loop #0). 678c.5edc: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700 678c.5edc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe78630000 g_uNtVerCombined=0xa03ad700 6674.5c8c: supR3HardNtEnableThreadCreation: 678c.5edc: ntdll.dll: timestamp 0xb79b6ddb (rc=VINF_SUCCESS) 678c.5edc: New simple heap: #1 0000000001120000 LB 0x400000 (for 1945600 allocation) 678c.5edc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 678c.5edc: System32: \Device\HarddiskVolume4\Windows\System32 678c.5edc: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 678c.5edc: KnownDllPath: C:\WINDOWS\System32 678c.5edc: supR3HardenedVmProcessInit: Opening vboxdrv stub... 678c.5edc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 678c.5edc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 678c.5edc: Registered Dll notification callback with NTDLL. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe75890000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe76030000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe76030000 'C:\WINDOWS\System32\KERNEL32.DLL' 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ff66c870000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 678c.5edc: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 678c.5edc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe786a9ad0 pvNtTerminateThread=00007ffe786d5e00 6674.5c8c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 166 ms. 678c.5edc: \SystemRoot\System32\ntdll.dll: 678c.5edc: CreationTime: 2017-03-18T20:57:39.201977500Z 678c.5edc: LastWriteTime: 2018-09-12T18:39:34.215217200Z 678c.5edc: ChangeTime: 2018-09-12T18:44:11.683982200Z 678c.5edc: FileAttributes: 0x20 678c.5edc: Size: 0x1d7450 678c.5edc: NT Headers: 0xe0 678c.5edc: Timestamp: 0xb79b6ddb 678c.5edc: Machine: 0x8664 - amd64 678c.5edc: Timestamp: 0xb79b6ddb 678c.5edc: Image Version: 10.0 678c.5edc: SizeOfImage: 0x1db000 (1945600) 678c.5edc: Resource Dir: 0x170000 LB 0x69398 678c.5edc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 678c.5edc: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)] 678c.5edc: ProductName: Microsoft® Windows® Operating System 678c.5edc: ProductVersion: 10.0.15063.0 678c.5edc: FileVersion: 10.0.15063.0 (WinBuild.160101.0800) 678c.5edc: FileDescription: NT Layer DLL 678c.5edc: \SystemRoot\System32\kernel32.dll: 678c.5edc: CreationTime: 2017-03-18T20:57:15.887502700Z 678c.5edc: LastWriteTime: 2018-09-12T18:34:59.800021300Z 678c.5edc: ChangeTime: 2018-09-12T02:57:32.979381100Z 678c.5edc: FileAttributes: 0x20 678c.5edc: Size: 0xad068 678c.5edc: NT Headers: 0xf8 678c.5edc: Timestamp: 0x17a3637d 678c.5edc: Machine: 0x8664 - amd64 678c.5edc: Timestamp: 0x17a3637d 678c.5edc: Image Version: 10.0 678c.5edc: SizeOfImage: 0xae000 (712704) 678c.5edc: Resource Dir: 0xac000 LB 0x520 678c.5edc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 678c.5edc: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 678c.5edc: ProductName: Microsoft® Windows® Operating System 678c.5edc: ProductVersion: 10.0.15063.0 678c.5edc: FileVersion: 10.0.15063.0 (WinBuild.160101.0800) 678c.5edc: FileDescription: Windows NT BASE API Client DLL 678c.5edc: \SystemRoot\System32\KernelBase.dll: 678c.5edc: CreationTime: 2017-03-18T20:57:35.951701900Z 678c.5edc: LastWriteTime: 2018-09-12T18:37:42.594005400Z 678c.5edc: ChangeTime: 2018-09-12T02:57:35.089386700Z 678c.5edc: FileAttributes: 0x20 678c.5edc: Size: 0x249bf0 678c.5edc: NT Headers: 0x100 678c.5edc: Timestamp: 0x461a0ff5 678c.5edc: Machine: 0x8664 - amd64 678c.5edc: Timestamp: 0x461a0ff5 678c.5edc: Image Version: 10.0 678c.5edc: SizeOfImage: 0x249000 (2396160) 678c.5edc: Resource Dir: 0x22a000 LB 0x548 678c.5edc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 678c.5edc: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 678c.5edc: ProductName: Microsoft® Windows® Operating System 678c.5edc: ProductVersion: 10.0.15063.0 678c.5edc: FileVersion: 10.0.15063.0 (WinBuild.160101.0800) 678c.5edc: FileDescription: Windows NT BASE API Client DLL 678c.5edc: \SystemRoot\System32\apisetschema.dll: 678c.5edc: CreationTime: 2017-03-18T20:57:35.373527900Z 678c.5edc: LastWriteTime: 2017-03-18T20:57:35.373527900Z 678c.5edc: ChangeTime: 2018-09-14T08:35:56.552540200Z 678c.5edc: FileAttributes: 0x80 678c.5edc: Size: 0x1ada0 678c.5edc: NT Headers: 0xc0 678c.5edc: Timestamp: 0x76544b2 678c.5edc: Machine: 0x8664 - amd64 678c.5edc: Timestamp: 0x76544b2 678c.5edc: Image Version: 10.0 678c.5edc: SizeOfImage: 0x1b000 (110592) 678c.5edc: Resource Dir: 0x1a000 LB 0x408 678c.5edc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 678c.5edc: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 678c.5edc: ProductName: Microsoft® Windows® Operating System 678c.5edc: ProductVersion: 10.0.15063.0 678c.5edc: FileVersion: 10.0.15063.0 (WinBuild.160101.0800) 678c.5edc: FileDescription: ApiSet Schema DLL 678c.5edc: NtOpenDirectoryObject failed on \Driver: 0xc0000022 678c.5edc: supR3HardenedWinFindAdversaries: 0x18 678c.5edc: \SystemRoot\System32\drivers\tmcomm.sys: 678c.5edc: CreationTime: 2018-09-24T16:02:24.000000000Z 678c.5edc: LastWriteTime: 2018-09-24T16:02:24.000000000Z 678c.5edc: ChangeTime: 2018-12-19T09:55:32.419063300Z 678c.5edc: FileAttributes: 0x20 678c.5edc: Size: 0x6c0b8 678c.5edc: NT Headers: 0xf0 678c.5edc: Timestamp: 0x5ba22a62 678c.5edc: Machine: 0x8664 - amd64 678c.5edc: Timestamp: 0x5ba22a62 678c.5edc: Image Version: 10.0 678c.5edc: SizeOfImage: 0x6d000 (446464) 678c.5edc: Resource Dir: 0x6b000 LB 0x568 678c.5edc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 678c.5edc: [Raw version resource data: 0x6b060 LB 0x504, codepage 0x0 (reserved 0x0)] 678c.5edc: ProductName: Trend Micro Eyes 678c.5edc: ProductVersion: 7.0 678c.5edc: FileVersion: 7.0.0.1162 678c.5edc: SpecialBuild: 1162 678c.5edc: PrivateBuild: Build 1162 - 9/19/2018 678c.5edc: FileDescription: TrendMicro Common Module 678c.5edc: \SystemRoot\System32\drivers\tmactmon.sys: 678c.5edc: CreationTime: 2018-10-01T18:24:54.000000000Z 678c.5edc: LastWriteTime: 2018-10-01T18:24:54.000000000Z 678c.5edc: ChangeTime: 2018-12-19T09:55:32.559663200Z 678c.5edc: FileAttributes: 0x20 678c.5edc: Size: 0x20dd0 678c.5edc: NT Headers: 0xe8 678c.5edc: Timestamp: 0x5bac4c1c 678c.5edc: Machine: 0x8664 - amd64 678c.5edc: Timestamp: 0x5bac4c1c 678c.5edc: Image Version: 6.0 678c.5edc: SizeOfImage: 0x24000 (147456) 678c.5edc: Resource Dir: 0x22000 LB 0x590 678c.5edc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 678c.5edc: [Raw version resource data: 0x22060 LB 0x52c, codepage 0x0 (reserved 0x0)] 678c.5edc: ProductName: Trend Micro AEGIS 678c.5edc: ProductVersion: 2.976 678c.5edc: FileVersion: 2.976.0.2193 678c.5edc: SpecialBuild: 2193 678c.5edc: PrivateBuild: Build 2193 - 9/27/2018 678c.5edc: FileDescription: TrendMicro Activity Monitor Module 678c.5edc: \SystemRoot\System32\drivers\tmevtmgr.sys: 678c.5edc: CreationTime: 2018-10-01T18:24:58.000000000Z 678c.5edc: LastWriteTime: 2018-10-01T18:24:58.000000000Z 678c.5edc: ChangeTime: 2018-12-19T09:55:32.465901000Z 678c.5edc: FileAttributes: 0x20 678c.5edc: Size: 0x18830 678c.5edc: NT Headers: 0xe8 678c.5edc: Timestamp: 0x5bac4c1a 678c.5edc: Machine: 0x8664 - amd64 678c.5edc: Timestamp: 0x5bac4c1a 678c.5edc: Image Version: 6.0 678c.5edc: SizeOfImage: 0x19000 (102400) 678c.5edc: Resource Dir: 0x17000 LB 0x590 678c.5edc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 678c.5edc: [Raw version resource data: 0x17060 LB 0x52c, codepage 0x0 (reserved 0x0)] 678c.5edc: ProductName: Trend Micro AEGIS 678c.5edc: ProductVersion: 2.976 678c.5edc: FileVersion: 2.976.0.2193 678c.5edc: SpecialBuild: 2193 678c.5edc: PrivateBuild: Build 2193 - 9/27/2018 678c.5edc: FileDescription: TrendMicro Event Management Module 678c.5edc: \SystemRoot\System32\drivers\tmebc64.sys: 678c.5edc: CreationTime: 2016-04-21T03:08:10.000000000Z 678c.5edc: LastWriteTime: 2016-04-21T03:08:10.000000000Z 678c.5edc: ChangeTime: 2018-12-19T09:55:57.328693600Z 678c.5edc: FileAttributes: 0x20 678c.5edc: Size: 0x11b38 678c.5edc: NT Headers: 0xf8 678c.5edc: Timestamp: 0x564ac673 678c.5edc: Machine: 0x8664 - amd64 678c.5edc: Timestamp: 0x564ac673 678c.5edc: Image Version: 6.0 678c.5edc: SizeOfImage: 0x12000 (73728) 678c.5edc: Resource Dir: 0x10000 LB 0x6f8 678c.5edc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 678c.5edc: [Raw version resource data: 0x10060 LB 0x694, codepage 0x0 (reserved 0x0)] 678c.5edc: ProductName: Trend Micro Early Boot Clean 678c.5edc: ProductVersion: 1.5 678c.5edc: FileVersion: 1.5.0.1023 678c.5edc: SpecialBuild: 1023 678c.5edc: PrivateBuild: Build 1023 - 11/17/2015 678c.5edc: FileDescription: Trend Micro early boot driver 678c.5edc: \SystemRoot\System32\drivers\tmeevw.sys: 678c.5edc: CreationTime: 2017-04-25T07:39:52.000000000Z 678c.5edc: LastWriteTime: 2017-04-25T07:39:52.000000000Z 678c.5edc: ChangeTime: 2018-12-19T09:55:11.635558300Z 678c.5edc: FileAttributes: 0x20 678c.5edc: Size: 0x22ed8 678c.5edc: NT Headers: 0xf8 678c.5edc: Timestamp: 0x58f08d99 678c.5edc: Machine: 0x8664 - amd64 678c.5edc: Timestamp: 0x58f08d99 678c.5edc: Image Version: 10.0 678c.5edc: SizeOfImage: 0x23000 (143360) 678c.5edc: Resource Dir: 0x1d000 LB 0x4df0 678c.5edc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 678c.5edc: [Raw version resource data: 0x218fc LB 0x4f4, codepage 0x4e4 (reserved 0x0)] 678c.5edc: ProductName: Trend Micro EagleEye 678c.5edc: ProductVersion: 3.0 678c.5edc: FileVersion: 3.0.0.1005 678c.5edc: SpecialBuild: 1005 678c.5edc: PrivateBuild: Build 1005 - 4/14/2017 678c.5edc: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre) 678c.5edc: \SystemRoot\System32\drivers\sakfile.sys: 678c.5edc: CreationTime: 2018-12-19T13:56:21.051912800Z 678c.5edc: LastWriteTime: 2018-09-28T06:38:12.000000000Z 678c.5edc: ChangeTime: 2019-01-22T00:16:11.186074400Z 678c.5edc: FileAttributes: 0x20 678c.5edc: Size: 0x1fdf0 678c.5edc: NT Headers: 0xe0 678c.5edc: Timestamp: 0x5bab5f62 678c.5edc: Machine: 0x8664 - amd64 678c.5edc: Timestamp: 0x5bab5f62 678c.5edc: Image Version: 0.0 678c.5edc: SizeOfImage: 0x20000 (131072) 678c.5edc: Resource Dir: 0x1e000 LB 0x558 678c.5edc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 678c.5edc: [Raw version resource data: 0x1e060 LB 0x4f4, codepage 0x0 (reserved 0x0)] 678c.5edc: ProductName: OfficeScan - Data Protection (DLPE-SDK) 678c.5edc: ProductVersion: 6.2 678c.5edc: FileVersion: 6.2.0.1235 678c.5edc: SpecialBuild: 1235 678c.5edc: PrivateBuild: Build 1235 - 9/26/2018 678c.5edc: FileDescription: Trend Micro Data Loss Prevention Driver 678c.5edc: \SystemRoot\System32\drivers\sakcd.sys: 678c.5edc: CreationTime: 2018-12-19T13:56:21.051912800Z 678c.5edc: LastWriteTime: 2018-09-28T06:38:12.000000000Z 678c.5edc: ChangeTime: 2019-01-22T00:16:11.326719700Z 678c.5edc: FileAttributes: 0x20 678c.5edc: Size: 0x17278 678c.5edc: NT Headers: 0xf0 678c.5edc: Timestamp: 0x5aa0b500 678c.5edc: Machine: 0x8664 - amd64 678c.5edc: Timestamp: 0x5aa0b500 678c.5edc: Image Version: 5.0 678c.5edc: SizeOfImage: 0x15000 (86016) 678c.5edc: Resource Dir: 0x13000 LB 0x518 678c.5edc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 678c.5edc: [Raw version resource data: 0x13060 LB 0x4b4, codepage 0x0 (reserved 0x0)] 678c.5edc: ProductName: OfficeScan - Data Protection (DLPE-SDK) 678c.5edc: ProductVersion: 6.2 678c.5edc: FileVersion: 6.2.0.1184 678c.5edc: SpecialBuild: 1184 678c.5edc: PrivateBuild: Build 1184 - 3/8/2018 678c.5edc: FileDescription: Trend Micro Data Loss Prevention Driver 678c.5edc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 678c.5edc: Calling main() 678c.5edc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 678c.5edc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'secur32.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcp120.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr120.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'psapi.dll'. 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Manufacturer\Endpoint Agent\clpbm64.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Manufacturer\Endpoint Agent\clpbm64.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 678c.5edc: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 678c.5edc: SUPR3HardenedMain: Respawn #2 678c.5edc: Error (rc=-5640): 678c.5edc: More than one thread in process 678c.5edc: Error -5640 in supR3HardenedWinReSpawn! (enmWhat=1) 678c.5edc: More than one thread in process 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardNtEnableThreadCreation: 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\psapi.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\psapi.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr120.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr120.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcr120.dll' [rcNtRedir=0xc0150008] 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcr120.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcr120.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp120.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp120.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp120.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr120.dll'. 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp120.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp120.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'. 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'. 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume4\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\secur32.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\secur32.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'. 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 678c.37bc: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'. 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr120.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr120.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcr120.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcr120.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Manufacturer\Endpoint Agent\clpbm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.37bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Manufacturer\Endpoint Agent\clpbm64.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\secur32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp120.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcr120.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sspicli.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sspicli.dll 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe78030000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe77da0000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe77c20000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe77ed0000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe6b360000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\Secur32.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\secur32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe74cb0000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe74b50000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe75780000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe755a0000 LB 0x00189000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'. 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe760e0000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe777d0000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe75820000 LB 0x0006a000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe77920000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe78190000 LB 0x00143000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe66450000 LB 0x000ef000 C:\WINDOWS\SYSTEM32\MSVCR120.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcr120.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe667c0000 LB 0x000a6000 C:\WINDOWS\SYSTEM32\MSVCP120.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp120.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe78150000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\psapi.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe749a0000 LB 0x00030000 C:\WINDOWS\SYSTEM32\SSPICLI.DLL [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sspicli.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe59d50000 LB 0x00066000 C:\Program Files\Manufacturer\Endpoint Agent\clpbm64.dll [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Manufacturer\Endpoint Agent\clpbm64.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 678c.37bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75890000 'api-ms-win-core-synch-l1-2-0' 678c.37bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 678c.37bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75890000 'api-ms-win-core-fibers-l1-1-1' 678c.37bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 678c.37bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75890000 'api-ms-win-core-fibers-l1-1-1' 678c.37bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 678c.37bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75890000 'api-ms-win-core-synch-l1-2-0' 678c.37bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 678c.37bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75890000 'api-ms-win-core-localization-l1-2-1' 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe76030000 'C:\WINDOWS\System32\kernel32.dll' 678c.37bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 678c.37bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75890000 'api-ms-win-core-string-l1-1-0' 678c.37bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 678c.37bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75890000 'api-ms-win-core-datetime-l1-1-1' 678c.37bc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 678c.37bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75890000 'api-ms-win-core-localization-obsolete-l1-2-0' 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 678c.37bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'. 678c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll) 678c.37bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.37bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.37bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 678c.37bc: supR3HardenedDllNotificationCallback: load 00007ffe78160000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0] 678c.37bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust] 678c.37bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe78160000 'C:\WINDOWS\system32\IMM32.DLL' 678c.37bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe59d50000 'C:\Program Files\Manufacturer\Endpoint Agent\clpbm64.dll' 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.0_none_43a14f3b47f396e6\comctl32.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.0_none_43a14f3b47f396e6\comctl32.dll 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe69460000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe576c0000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 0000000052960000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00000000528c0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe780e0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe23190000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe75730000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0] 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe77f80000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe77d40000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe74aa0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe74ac0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe74b30000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0] 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe74cd0000 LB 0x006f2000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe76110000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe62d10000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00000000515d0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe21200000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 0000000051b40000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe74660000 LB 0x00025000 C:\WINDOWS\SYSTEM32\bcrypt.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe6a410000 LB 0x00089000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe66fa0000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.0_none_43a14f3b47f396e6\COMCTL32.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.0_none_43a14f3b47f396e6\comctl32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe77550000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe396c0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 0000000052860000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe78570000 LB 0x000bf000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe72eb0000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe72ee0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe21800000 LB 0x00a33000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe23190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe78160000 'C:\WINDOWS\System32\imm32.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe77ed0000 'C:\WINDOWS\System32\ADVAPI32.DLL' 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe74570000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe21800000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe76030000 'C:\WINDOWS\System32\kernel32.dll' 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe301b0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe301b0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe73240000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe73240000 'C:\WINDOWS\system32\uxtheme.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe777d0000 'C:\WINDOWS\system32\user32.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe76110000 'C:\WINDOWS\system32\shell32.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe77f80000 'C:\WINDOWS\system32\SHCore.dll' 678c.5edc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll' 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe72a40000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe72ee0000 'C:\WINDOWS\system32\winmm.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe72ee0000 'C:\WINDOWS\system32\winmm.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe76110000 'C:\WINDOWS\system32\shell32.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe73240000 'C:\WINDOWS\system32\uxtheme.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe760e0000 'C:\WINDOWS\system32\gdi32.dll' 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe77660000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe77da0000 'C:\WINDOWS\System32\rpcrt4.dll' 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe77c80000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe739d0000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe71ac0000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe713e0000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe578e0000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe578e0000 'C:\WINDOWS\system32\dataexchange.dll' 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe73470000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\usermgrcli.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\usermgrcli.dll 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe73d80000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe721e0000 LB 0x000e3000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe71da0000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe71ee0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\usermgrcli.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe71f00000 LB 0x002d2000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe72580000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe78570000 'C:\WINDOWS\System32\OLEAUT32.DLL' 678c.5edc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe777d0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll' 678c.5edc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe777d0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll' 678c.5edc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll' 678c.5edc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-1.dll) -> 0x0, fPresent=1 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe77920000 'api-ms-win-core-com-l1-1-1.dll' 678c.5edc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll' 678c.5edc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll' 678c.5edc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll' 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe77660000 'C:\WINDOWS\System32\MSCTF.dll' 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'. 678c.5084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) 678c.5084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'. 678c.5084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) 678c.5084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 678c.5084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) 678c.5084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll 678c.5084: supR3HardenedDllNotificationCallback: load 00007ffe73620000 LB 0x00028000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0] 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedDllNotificationCallback: load 00007ffe6f0f0000 LB 0x00196000 C:\WINDOWS\SYSTEM32\PROPSYS.dll [fFlags=0x0] 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedDllNotificationCallback: load 00007ffe68b00000 LB 0x00067000 C:\WINDOWS\SYSTEM32\MMDevAPI.DLL [fFlags=0x0] 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'ksuser.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'avrt.dll'. 678c.5084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) 678c.5084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 678c.5084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) 678c.5084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) 678c.5084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedDllNotificationCallback: load 00007ffe3e700000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0] 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedDllNotificationCallback: load 00007ffe6b660000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0] 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedDllNotificationCallback: load 00007ffe4ed10000 LB 0x00041000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0] 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe68b00000 'C:\WINDOWS\System32\MMDEVAPI.DLL' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'mmdevapi.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'avrt.dll'. 678c.5084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) 678c.5084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 678c.5084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedDllNotificationCallback: load 00007ffe68010000 LB 0x00105000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0] 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe68010000 'C:\WINDOWS\System32\AUDIOSES.DLL' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4ed10000 'C:\WINDOWS\System32\wdmaud.drv' 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'. 678c.5084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) 678c.5084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) 678c.5084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedDllNotificationCallback: load 00007ffe39690000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0] 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedDllNotificationCallback: load 00007ffe70710000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0] 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe70710000 'C:\WINDOWS\System32\msacm32.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe70710000 'C:\WINDOWS\System32\msacm32.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe70710000 'C:\WINDOWS\System32\msacm32.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe70710000 'C:\WINDOWS\System32\msacm32.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe70710000 'C:\WINDOWS\System32\msacm32.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe70710000 'C:\WINDOWS\System32\msacm32.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe70710000 'C:\WINDOWS\System32\msacm32.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe70710000 'C:\WINDOWS\System32\msacm32.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe70710000 'C:\WINDOWS\System32\msacm32.drv' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe70710000 'C:\WINDOWS\System32\msacm32.drv' 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 678c.5084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'. 678c.5084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) 678c.5084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 678c.5084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 678c.5084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\midimap.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedDllNotificationCallback: load 00007ffe6b0a0000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0] 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\midimap.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6b0a0000 'C:\WINDOWS\System32\midimap.dll' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\midimap.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6b0a0000 'C:\WINDOWS\System32\midimap.dll' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\midimap.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6b0a0000 'C:\WINDOWS\System32\midimap.dll' 678c.5084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\midimap.dll [lacks WinVerifyTrust] 678c.5084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] 678c.5084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6b0a0000 'C:\WINDOWS\System32\midimap.dll' 678c.1d38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust] 678c.1d38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] 678c.1d38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe68b00000 'C:\WINDOWS\System32\MMDevApi.dll' 678c.27e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 678c.27e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe77ed0000 'C:\WINDOWS\System32\ADVAPI32.DLL' 678c.27e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sspicli.dll [lacks WinVerifyTrust] 678c.27e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\sspicli.dll (Input=sspicli.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 678c.27e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe749a0000 'C:\WINDOWS\System32\sspicli.dll' 678c.5edc: \Device\HarddiskVolume4\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll: Owner is administrators group. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 678c.5edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 678c.5edc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll) 678c.5edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 678c.5edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 678c.5edc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 678c.5edc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedDllNotificationCallback: load 00007ffe70980000 LB 0x00025000 C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll [fFlags=0x0] 678c.5edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll [lacks WinVerifyTrust] 678c.5edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe70980000 'C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll' 6674.5c8c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 897249 ms, the end);