28a0.1c28: Log file opened: 6.1.12r139181 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047bb00 28a0.1c28: \SystemRoot\System32\ntdll.dll: 28a0.1c28: CreationTime: 2020-07-22T06:39:52.722087600Z 28a0.1c28: LastWriteTime: 2020-07-22T06:39:52.737736600Z 28a0.1c28: ChangeTime: 2020-07-22T06:57:41.475577900Z 28a0.1c28: FileAttributes: 0x20 28a0.1c28: Size: 0x1e8460 28a0.1c28: NT Headers: 0xd8 28a0.1c28: Timestamp: 0xb29ecf52 28a0.1c28: Machine: 0x8664 - amd64 28a0.1c28: Timestamp: 0xb29ecf52 28a0.1c28: Image Version: 10.0 28a0.1c28: SizeOfImage: 0x1f0000 (2031616) 28a0.1c28: Resource Dir: 0x17f000 LB 0x6f310 28a0.1c28: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 28a0.1c28: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 28a0.1c28: ProductName: Microsoft® Windows® Operating System 28a0.1c28: ProductVersion: 10.0.18362.815 28a0.1c28: FileVersion: 10.0.18362.815 (WinBuild.160101.0800) 28a0.1c28: FileDescription: NT Layer DLL 28a0.1c28: \SystemRoot\System32\kernel32.dll: 28a0.1c28: CreationTime: 2020-07-22T06:39:35.572371500Z 28a0.1c28: LastWriteTime: 2020-07-22T06:39:35.572371500Z 28a0.1c28: ChangeTime: 2020-07-22T06:57:41.022465900Z 28a0.1c28: FileAttributes: 0x20 28a0.1c28: Size: 0xb0498 28a0.1c28: NT Headers: 0xe8 28a0.1c28: Timestamp: 0xce6bbd73 28a0.1c28: Machine: 0x8664 - amd64 28a0.1c28: Timestamp: 0xce6bbd73 28a0.1c28: Image Version: 10.0 28a0.1c28: SizeOfImage: 0xb2000 (729088) 28a0.1c28: Resource Dir: 0xb0000 LB 0x520 28a0.1c28: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 28a0.1c28: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 28a0.1c28: ProductName: Microsoft® Windows® Operating System 28a0.1c28: ProductVersion: 10.0.18362.959 28a0.1c28: FileVersion: 10.0.18362.959 (WinBuild.160101.0800) 28a0.1c28: FileDescription: Windows NT BASE API Client DLL 28a0.1c28: \SystemRoot\System32\KernelBase.dll: 28a0.1c28: CreationTime: 2020-07-22T06:57:20.479306600Z 28a0.1c28: LastWriteTime: 2020-07-22T06:57:20.526169200Z 28a0.1c28: ChangeTime: 2020-07-22T06:59:21.051113100Z 28a0.1c28: FileAttributes: 0x20 28a0.1c28: Size: 0x2a3868 28a0.1c28: NT Headers: 0xf8 28a0.1c28: Timestamp: 0x91b9349a 28a0.1c28: Machine: 0x8664 - amd64 28a0.1c28: Timestamp: 0x91b9349a 28a0.1c28: Image Version: 10.0 28a0.1c28: SizeOfImage: 0x2a4000 (2768896) 28a0.1c28: Resource Dir: 0x27e000 LB 0x548 28a0.1c28: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 28a0.1c28: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 28a0.1c28: ProductName: Microsoft® Windows® Operating System 28a0.1c28: ProductVersion: 10.0.18362.997 28a0.1c28: FileVersion: 10.0.18362.997 (WinBuild.160101.0800) 28a0.1c28: FileDescription: Windows NT BASE API Client DLL 28a0.1c28: \SystemRoot\System32\apisetschema.dll: 28a0.1c28: CreationTime: 2019-03-19T04:43:54.837151500Z 28a0.1c28: LastWriteTime: 2019-03-19T04:43:54.837151500Z 28a0.1c28: ChangeTime: 2020-07-22T06:57:41.022465900Z 28a0.1c28: FileAttributes: 0x20 28a0.1c28: Size: 0x1d028 28a0.1c28: NT Headers: 0xc8 28a0.1c28: Timestamp: 0xd6ced080 28a0.1c28: Machine: 0x8664 - amd64 28a0.1c28: Timestamp: 0xd6ced080 28a0.1c28: Image Version: 10.0 28a0.1c28: SizeOfImage: 0x1e000 (122880) 28a0.1c28: Resource Dir: 0x1d000 LB 0x408 28a0.1c28: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 28a0.1c28: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 28a0.1c28: ProductName: Microsoft® Windows® Operating System 28a0.1c28: ProductVersion: 10.0.18362.1 28a0.1c28: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) 28a0.1c28: FileDescription: ApiSet Schema DLL 28a0.1c28: NtOpenDirectoryObject failed on \Driver: 0xc0000022 28a0.1c28: supR3HardenedWinFindAdversaries: 0x0 28a0.1c28: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 28a0.1c28: Calling main() 28a0.1c28: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 28a0.1c28: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 28a0.1c28: SUPR3HardenedMain: Respawn #1 28a0.1c28: System32: \Device\HarddiskVolume3\Windows\System32 28a0.1c28: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 28a0.1c28: KnownDllPath: C:\Windows\System32 28a0.1c28: supR3HardenedWinInit: Performing a limited self purification... 28a0.1c28: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 28a0.1c28: *0000000000000000-0000000000e2ffff 0x0001/0x0000 0x0000000 28a0.1c28: *0000000000e30000-0000000000e3ffff 0x0004/0x0004 0x0040000 28a0.1c28: 0000000000e40000-0000000000e4ffff 0x0001/0x0000 0x0000000 28a0.1c28: *0000000000e50000-0000000000e6afff 0x0002/0x0002 0x0040000 28a0.1c28: 0000000000e6b000-0000000000e6ffff 0x0001/0x0000 0x0000000 28a0.1c28: *0000000000e70000-0000000000f28fff 0x0000/0x0004 0x0020000 28a0.1c28: 0000000000f29000-0000000000f2bfff 0x0104/0x0004 0x0020000 28a0.1c28: 0000000000f2c000-0000000000f6ffff 0x0004/0x0004 0x0020000 28a0.1c28: *0000000000f70000-0000000000f73fff 0x0002/0x0002 0x0040000 28a0.1c28: 0000000000f74000-0000000000f7ffff 0x0001/0x0000 0x0000000 28a0.1c28: *0000000000f80000-0000000000f81fff 0x0004/0x0004 0x0020000 28a0.1c28: 0000000000f82000-0000000000f8ffff 0x0001/0x0000 0x0000000 28a0.1c28: *0000000000f90000-0000000000f91fff 0x0004/0x0004 0x0020000 28a0.1c28: 0000000000f92000-0000000000fc1fff 0x0000/0x0004 0x0020000 28a0.1c28: 0000000000fc2000-0000000000ffffff 0x0001/0x0000 0x0000000 28a0.1c28: *0000000001000000-00000000011cafff 0x0000/0x0004 0x0020000 28a0.1c28: 00000000011cb000-00000000011cdfff 0x0004/0x0004 0x0020000 28a0.1c28: 00000000011ce000-00000000011fffff 0x0000/0x0004 0x0020000 28a0.1c28: *0000000001200000-00000000012c6fff 0x0002/0x0002 0x0040000 28a0.1c28: 00000000012c7000-000000000131ffff 0x0001/0x0000 0x0000000 28a0.1c28: *0000000001320000-0000000001324fff 0x0004/0x0004 0x0020000 28a0.1c28: 0000000001325000-000000000141ffff 0x0000/0x0004 0x0020000 28a0.1c28: *0000000001420000-000000000143cfff 0x0004/0x0004 0x0020000 28a0.1c28: 000000000143d000-000000000151ffff 0x0000/0x0004 0x0020000 28a0.1c28: 0000000001520000-00000000015dffff 0x0001/0x0000 0x0000000 28a0.1c28: *00000000015e0000-00000000015eefff 0x0004/0x0004 0x0020000 28a0.1c28: 00000000015ef000-00000000015effff 0x0000/0x0004 0x0020000 28a0.1c28: *00000000015f0000-00000000015f5fff 0x0000/0x0004 0x0020000 28a0.1c28: 00000000015f6000-00000000017e6fff 0x0004/0x0004 0x0020000 28a0.1c28: 00000000017e7000-00000000017e7fff 0x0000/0x0004 0x0020000 28a0.1c28: 00000000017e8000-000000007ffdffff 0x0001/0x0000 0x0000000 28a0.1c28: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 28a0.1c28: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000 28a0.1c28: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000 28a0.1c28: 000000007ffe3000-00007ff47611ffff 0x0001/0x0000 0x0000000 28a0.1c28: *00007ff476120000-00007ff476124fff 0x0002/0x0002 0x0040000 28a0.1c28: 00007ff476125000-00007ff47621ffff 0x0000/0x0002 0x0040000 28a0.1c28: *00007ff476220000-00007ff57623ffff 0x0000/0x0004 0x0020000 28a0.1c28: *00007ff576240000-00007ff57823ffff 0x0000/0x0004 0x0020000 28a0.1c28: 00007ff578240000-00007ff578240fff 0x0004/0x0004 0x0020000 28a0.1c28: 00007ff578241000-00007ff57824ffff 0x0001/0x0000 0x0000000 28a0.1c28: *00007ff578250000-00007ff578250fff 0x0002/0x0002 0x0040000 28a0.1c28: 00007ff578251000-00007ff57825ffff 0x0001/0x0000 0x0000000 28a0.1c28: *00007ff578260000-00007ff578292fff 0x0002/0x0002 0x0040000 28a0.1c28: 00007ff578293000-00007ff7b0f7ffff 0x0001/0x0000 0x0000000 28a0.1c28: *00007ff7b0f80000-00007ff7b0f80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b0f81000-00007ff7b0ff6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b0ff7000-00007ff7b0ff7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b0ff8000-00007ff7b103ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1040000-00007ff7b1042fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1043000-00007ff7b1045fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1046000-00007ff7b1048fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1049000-00007ff7b1049fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b104a000-00007ff7b104bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b104c000-00007ff7b104cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b104d000-00007ff7b1095fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1096000-00007ffc412fffff 0x0001/0x0000 0x0000000 28a0.1c28: *00007ffc41300000-00007ffc41300fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 28a0.1c28: 00007ffc41301000-00007ffc41405fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 28a0.1c28: 00007ffc41406000-00007ffc41568fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 28a0.1c28: 00007ffc41569000-00007ffc4156cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 28a0.1c28: 00007ffc4156d000-00007ffc4156dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 28a0.1c28: 00007ffc4156e000-00007ffc415a3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 28a0.1c28: 00007ffc415a4000-00007ffc42c4ffff 0x0001/0x0000 0x0000000 28a0.1c28: *00007ffc42c50000-00007ffc42c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 28a0.1c28: 00007ffc42c51000-00007ffc42cc5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 28a0.1c28: 00007ffc42cc6000-00007ffc42cf7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 28a0.1c28: 00007ffc42cf8000-00007ffc42cf8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 28a0.1c28: 00007ffc42cf9000-00007ffc42cf9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 28a0.1c28: 00007ffc42cfa000-00007ffc42d01fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 28a0.1c28: 00007ffc42d02000-00007ffc4437ffff 0x0001/0x0000 0x0000000 28a0.1c28: *00007ffc44380000-00007ffc44380fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc44381000-00007ffc44497fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc44498000-00007ffc444defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc444df000-00007ffc444dffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc444e0000-00007ffc444e1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc444e2000-00007ffc444eafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc444eb000-00007ffc4456ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc44570000-00007ffffffeffff 0x0001/0x0000 0x0000000 28a0.1c28: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS) 28a0.1c28: kernelbase.dll: timestamp 0x91b9349a (rc=VINF_SUCCESS) 28a0.1c28: VirtualBoxVM.exe: timestamp 0x5f08d7bc (rc=VINF_SUCCESS) 28a0.1c28: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 28a0.1c28: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 28a0.1c28: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0 28a0.1c28: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 28a0.1c28: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 28a0.1c28: supR3HardNtEnableThreadCreationEx: 28a0.1c28: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc443f1770 pvNtTerminateThread=00007ffc4441cac0 28a0.1c28: supR3HardenedWinDoReSpawn(1): New child 2b18.2b1c [kernel32]. 28a0.1c28: supR3HardNtChildGatherData: PebBaseAddress=0000000000958000 cbPeb=0x388 28a0.1c28: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc44380000 uNtDllChildAddr=00007ffc44380000 28a0.1c28: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc443f1770 28a0.1c28: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7b0f87900 rdx=0000000000958000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffc443ece30 rsp=000000000075fa78 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 28a0.1c28: supR3HardenedWinSetupChildInit: Start child. 28a0.1c28: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 28a0.1c28: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 26 sleeps 28a0.1c28: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 28a0.1c28: *0000000000000000-000000000061ffff 0x0001/0x0000 0x0000000 28a0.1c28: *0000000000620000-000000000063ffff 0x0004/0x0004 0x0020000 28a0.1c28: *0000000000640000-000000000065afff 0x0002/0x0002 0x0040000 28a0.1c28: 000000000065b000-000000000065ffff 0x0001/0x0000 0x0000000 28a0.1c28: *0000000000660000-000000000075afff 0x0000/0x0004 0x0020000 28a0.1c28: 000000000075b000-000000000075dfff 0x0104/0x0004 0x0020000 28a0.1c28: 000000000075e000-000000000075ffff 0x0004/0x0004 0x0020000 28a0.1c28: *0000000000760000-0000000000763fff 0x0002/0x0002 0x0040000 28a0.1c28: 0000000000764000-000000000076ffff 0x0001/0x0000 0x0000000 28a0.1c28: *0000000000770000-0000000000771fff 0x0004/0x0004 0x0020000 28a0.1c28: 0000000000772000-00000000007fffff 0x0001/0x0000 0x0000000 28a0.1c28: *0000000000800000-0000000000957fff 0x0000/0x0004 0x0020000 28a0.1c28: 0000000000958000-000000000095afff 0x0004/0x0004 0x0020000 28a0.1c28: 000000000095b000-00000000009fffff 0x0000/0x0004 0x0020000 28a0.1c28: 0000000000a00000-000000007ffdffff 0x0001/0x0000 0x0000000 28a0.1c28: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 28a0.1c28: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000 28a0.1c28: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000 28a0.1c28: 000000007ffe3000-00007ff57f0cffff 0x0001/0x0000 0x0000000 28a0.1c28: *00007ff57f0d0000-00007ff57f0d0fff 0x0002/0x0002 0x0040000 28a0.1c28: 00007ff57f0d1000-00007ff57f0dffff 0x0001/0x0000 0x0000000 28a0.1c28: *00007ff57f0e0000-00007ff57f112fff 0x0002/0x0002 0x0040000 28a0.1c28: 00007ff57f113000-00007ff7b0f7ffff 0x0001/0x0000 0x0000000 28a0.1c28: *00007ff7b0f80000-00007ff7b0f80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b0f81000-00007ff7b0ff6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b0ff7000-00007ff7b0ff7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b0ff8000-00007ff7b103ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1040000-00007ff7b1040fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1041000-00007ff7b1041fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1042000-00007ff7b1046fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1047000-00007ff7b1047fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1048000-00007ff7b1048fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1049000-00007ff7b104cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b104d000-00007ff7b1095fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 28a0.1c28: 00007ff7b1096000-00007ffc4437ffff 0x0001/0x0000 0x0000000 28a0.1c28: *00007ffc44380000-00007ffc44380fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc44381000-00007ffc44497fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc44498000-00007ffc444defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc444df000-00007ffc444eafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc444eb000-00007ffc444f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc444fa000-00007ffc444fafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc444fb000-00007ffc444fdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc444fe000-00007ffc4456ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 28a0.1c28: 00007ffc44570000-00007ffffffeffff 0x0001/0x0000 0x0000000 28a0.1c28: supR3HardNtChildPurify: Done after 264 ms and 0 fixes (loop #0). 2b18.2b1c: Log file opened: 6.1.12r139181 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00 2b18.2b1c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc44380000 g_uNtVerCombined=0xa047bb00 (stack ~000000000075f508) 2b18.2b1c: ntdll.dll: timestamp 0xb29ecf52 (rc=VINF_SUCCESS) 2b18.2b1c: New simple heap: #1 0000000000b00000 LB 0x400000 (for 2031616 allocation) 2b18.2b1c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 28a0.1c28: supR3HardNtEnableThreadCreationEx: 2b18.2b1c: System32: \Device\HarddiskVolume3\Windows\System32 2b18.2b1c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 2b18.2b1c: KnownDllPath: C:\Windows\System32 2b18.2b1c: supR3HardenedVmProcessInit: Opening vboxdrv stub... 2b18.2b1c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 2b18.2b1c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 2b18.2b1c: Registered Dll notification callback with NTDLL. 2b18.2b1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 2b18.2b1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 2b18.2b1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 2b18.2b1c: supR3HardenedDllNotificationCallback: load 00007ffc41300000 LB 0x002a4000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 2b18.2b1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 2b18.2b1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 2b18.2b1c: supR3HardenedDllNotificationCallback: load 00007ffc42c50000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 2b18.2b1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2b18.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42c50000 'C:\Windows\System32\KERNEL32.DLL' 2b18.2b1c: supR3HardenedDllNotificationCallback: load 00007ff7b0f80000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 2b18.2b1c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2b18.2b1c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2b18.2b1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc443f1770 pvNtTerminateThread=00007ffc4441cac0 2b18.2b1c: \SystemRoot\System32\ntdll.dll: 2b18.2b1c: CreationTime: 2020-07-22T06:39:52.722087600Z 28a0.1c28: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 53 ms. 2b18.2b1c: LastWriteTime: 2020-07-22T06:39:52.737736600Z 2b18.2b1c: ChangeTime: 2020-07-22T06:57:41.475577900Z 2b18.2b1c: FileAttributes: 0x20 2b18.2b1c: Size: 0x1e8460 2b18.2b1c: NT Headers: 0xd8 2b18.2b1c: Timestamp: 0xb29ecf52 2b18.2b1c: Machine: 0x8664 - amd64 2b18.2b1c: Timestamp: 0xb29ecf52 2b18.2b1c: Image Version: 10.0 2b18.2b1c: SizeOfImage: 0x1f0000 (2031616) 2b18.2b1c: Resource Dir: 0x17f000 LB 0x6f310 2b18.2b1c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2b18.2b1c: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 2b18.2b1c: ProductName: Microsoft® Windows® Operating System 2b18.2b1c: ProductVersion: 10.0.18362.815 2b18.2b1c: FileVersion: 10.0.18362.815 (WinBuild.160101.0800) 2b18.2b1c: FileDescription: NT Layer DLL 2b18.2b1c: \SystemRoot\System32\kernel32.dll: 2b18.2b1c: CreationTime: 2020-07-22T06:39:35.572371500Z 2b18.2b1c: LastWriteTime: 2020-07-22T06:39:35.572371500Z 2b18.2b1c: ChangeTime: 2020-07-22T06:57:41.022465900Z 2b18.2b1c: FileAttributes: 0x20 2b18.2b1c: Size: 0xb0498 2b18.2b1c: NT Headers: 0xe8 2b18.2b1c: Timestamp: 0xce6bbd73 2b18.2b1c: Machine: 0x8664 - amd64 2b18.2b1c: Timestamp: 0xce6bbd73 2b18.2b1c: Image Version: 10.0 2b18.2b1c: SizeOfImage: 0xb2000 (729088) 2b18.2b1c: Resource Dir: 0xb0000 LB 0x520 2b18.2b1c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2b18.2b1c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 2b18.2b1c: ProductName: Microsoft® Windows® Operating System 2b18.2b1c: ProductVersion: 10.0.18362.959 2b18.2b1c: FileVersion: 10.0.18362.959 (WinBuild.160101.0800) 2b18.2b1c: FileDescription: Windows NT BASE API Client DLL 2b18.2b1c: \SystemRoot\System32\KernelBase.dll: 2b18.2b1c: CreationTime: 2020-07-22T06:57:20.479306600Z 2b18.2b1c: LastWriteTime: 2020-07-22T06:57:20.526169200Z 2b18.2b1c: ChangeTime: 2020-07-22T06:59:21.051113100Z 2b18.2b1c: FileAttributes: 0x20 2b18.2b1c: Size: 0x2a3868 2b18.2b1c: NT Headers: 0xf8 2b18.2b1c: Timestamp: 0x91b9349a 2b18.2b1c: Machine: 0x8664 - amd64 2b18.2b1c: Timestamp: 0x91b9349a 2b18.2b1c: Image Version: 10.0 2b18.2b1c: SizeOfImage: 0x2a4000 (2768896) 2b18.2b1c: Resource Dir: 0x27e000 LB 0x548 2b18.2b1c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2b18.2b1c: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 2b18.2b1c: ProductName: Microsoft® Windows® Operating System 2b18.2b1c: ProductVersion: 10.0.18362.997 2b18.2b1c: FileVersion: 10.0.18362.997 (WinBuild.160101.0800) 2b18.2b1c: FileDescription: Windows NT BASE API Client DLL 2b18.2b1c: \SystemRoot\System32\apisetschema.dll: 2b18.2b1c: CreationTime: 2019-03-19T04:43:54.837151500Z 2b18.2b1c: LastWriteTime: 2019-03-19T04:43:54.837151500Z 2b18.2b1c: ChangeTime: 2020-07-22T06:57:41.022465900Z 2b18.2b1c: FileAttributes: 0x20 2b18.2b1c: Size: 0x1d028 2b18.2b1c: NT Headers: 0xc8 2b18.2b1c: Timestamp: 0xd6ced080 2b18.2b1c: Machine: 0x8664 - amd64 2b18.2b1c: Timestamp: 0xd6ced080 2b18.2b1c: Image Version: 10.0 2b18.2b1c: SizeOfImage: 0x1e000 (122880) 2b18.2b1c: Resource Dir: 0x1d000 LB 0x408 2b18.2b1c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2b18.2b1c: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 2b18.2b1c: ProductName: Microsoft® Windows® Operating System 2b18.2b1c: ProductVersion: 10.0.18362.1 2b18.2b1c: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) 2b18.2b1c: FileDescription: ApiSet Schema DLL 2b18.2b1c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2b18.2b1c: supR3HardenedWinFindAdversaries: 0x0 2b18.2b1c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2b18.2b1c: Calling main() 2b18.2b1c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 2b18.2b1c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2b18.2b1c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2b18.2b1c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2b18.2b1c: SUPR3HardenedMain: Respawn #2 2b18.2b1c: supR3HardNtEnableThreadCreationEx: 2b18.2b1c: supR3HardenedDllNotificationCallback: load 00007ffc435d0000 LB 0x00120000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0] 2b18.2b1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) 2b18.2b1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 2b18.2b1c: supR3HardenedDllNotificationCallback: load 00007ffc42a60000 LB 0x00097000 C:\Windows\System32\sechost.dll [fFlags=0x0] 2b18.2b1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 2b18.2b1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) 2b18.2b1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll 2b18.2b1c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 2b18.2b1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) 2b18.2b1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2b18.2b1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2b18.2b1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2b18.2b1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2b18.2b1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2b18.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc44380000 'C:\Windows\System32\ntdll.dll' 2b18.2b1c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc443f1770 pvNtTerminateThread=00007ffc4441cac0 2b18.2b1c: supR3HardenedWinDoReSpawn(2): New child fc8.25d4 [kernel32]. 2b18.2b1c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 2b18.2b1c: supR3HardNtChildGatherData: PebBaseAddress=000000000083c000 cbPeb=0x388 2b18.2b1c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc44380000 uNtDllChildAddr=00007ffc44380000 2b18.2b1c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc443f1770 2b18.2b1c: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7b0f87900 rdx=000000000083c000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffc443ece30 rsp=0000000000afffa8 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 2b18.2b1c: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS) 2b18.2b1c: supR3HardenedWinSetupChildInit: Start child. 2b18.2b1c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 2b18.2b1c: supR3HardNtChildPurify: Startup delay kludge #1/0: 268 ms, 26 sleeps 2b18.2b1c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 2b18.2b1c: *0000000000000000-000000000076ffff 0x0001/0x0000 0x0000000 2b18.2b1c: *0000000000770000-000000000078ffff 0x0004/0x0004 0x0020000 2b18.2b1c: *0000000000790000-00000000007aafff 0x0002/0x0002 0x0040000 2b18.2b1c: 00000000007ab000-00000000007affff 0x0001/0x0000 0x0000000 2b18.2b1c: *00000000007b0000-00000000007b3fff 0x0002/0x0002 0x0040000 2b18.2b1c: 00000000007b4000-00000000007bffff 0x0001/0x0000 0x0000000 2b18.2b1c: *00000000007c0000-00000000007c1fff 0x0004/0x0004 0x0020000 2b18.2b1c: 00000000007c2000-00000000007fffff 0x0001/0x0000 0x0000000 2b18.2b1c: *0000000000800000-000000000083bfff 0x0000/0x0004 0x0020000 2b18.2b1c: 000000000083c000-000000000083efff 0x0004/0x0004 0x0020000 2b18.2b1c: 000000000083f000-00000000009fffff 0x0000/0x0004 0x0020000 2b18.2b1c: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000 2b18.2b1c: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000 2b18.2b1c: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000 2b18.2b1c: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000 2b18.2b1c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 2b18.2b1c: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000 2b18.2b1c: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000 2b18.2b1c: 000000007ffe3000-00007ff5704bffff 0x0001/0x0000 0x0000000 2b18.2b1c: *00007ff5704c0000-00007ff5704c0fff 0x0002/0x0002 0x0040000 2b18.2b1c: 00007ff5704c1000-00007ff5704cffff 0x0001/0x0000 0x0000000 2b18.2b1c: *00007ff5704d0000-00007ff570502fff 0x0002/0x0002 0x0040000 2b18.2b1c: 00007ff570503000-00007ff7b0f7ffff 0x0001/0x0000 0x0000000 2b18.2b1c: *00007ff7b0f80000-00007ff7b0f80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: 00007ff7b0f81000-00007ff7b0ff6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: 00007ff7b0ff7000-00007ff7b0ff7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: 00007ff7b0ff8000-00007ff7b103ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: 00007ff7b1040000-00007ff7b1040fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: 00007ff7b1041000-00007ff7b1041fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: 00007ff7b1042000-00007ff7b1046fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: 00007ff7b1047000-00007ff7b1047fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: 00007ff7b1048000-00007ff7b1048fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: 00007ff7b1049000-00007ff7b104cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: 00007ff7b104d000-00007ff7b1095fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2b18.2b1c: 00007ff7b1096000-00007ffc4437ffff 0x0001/0x0000 0x0000000 2b18.2b1c: *00007ffc44380000-00007ffc44380fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2b18.2b1c: 00007ffc44381000-00007ffc44497fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2b18.2b1c: 00007ffc44498000-00007ffc444defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2b18.2b1c: 00007ffc444df000-00007ffc444eafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2b18.2b1c: 00007ffc444eb000-00007ffc444f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2b18.2b1c: 00007ffc444fa000-00007ffc444fafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2b18.2b1c: 00007ffc444fb000-00007ffc444fdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2b18.2b1c: 00007ffc444fe000-00007ffc4456ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2b18.2b1c: 00007ffc44570000-00007ffffffeffff 0x0001/0x0000 0x0000000 2b18.2b1c: VirtualBoxVM.exe: timestamp 0x5f08d7bc (rc=VINF_SUCCESS) 2b18.2b1c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2b18.2b1c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 2b18.2b1c: supR3HardNtChildPurify: Done after 283 ms and 0 fixes (loop #0). fc8.25d4: Log file opened: 6.1.12r139181 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00 fc8.25d4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc44380000 g_uNtVerCombined=0xa047bb00 (stack ~0000000000affa38) fc8.25d4: ntdll.dll: timestamp 0xb29ecf52 (rc=VINF_SUCCESS) fc8.25d4: New simple heap: #1 0000000000c00000 LB 0x400000 (for 2031616 allocation) 2b18.2b1c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b00000 LB 0x400000) 2b18.2b1c: supR3HardNtEnableThreadCreationEx: fc8.25d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' fc8.25d4: System32: \Device\HarddiskVolume3\Windows\System32 fc8.25d4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS fc8.25d4: KnownDllPath: C:\Windows\System32 fc8.25d4: supR3HardenedVmProcessInit: Opening vboxdrv... fc8.25d4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... fc8.25d4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... fc8.25d4: Registered Dll notification callback with NTDLL. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc41300000 LB 0x002a4000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42c50000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42c50000 'C:\Windows\System32\KERNEL32.DLL' fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ff7b0f80000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] fc8.25d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports fc8.25d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe fc8.25d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc443f1770 pvNtTerminateThread=00007ffc4441cac0 2b18.2b1c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 63 ms. fc8.25d4: \SystemRoot\System32\ntdll.dll: fc8.25d4: CreationTime: 2020-07-22T06:39:52.722087600Z fc8.25d4: LastWriteTime: 2020-07-22T06:39:52.737736600Z fc8.25d4: ChangeTime: 2020-07-22T06:57:41.475577900Z fc8.25d4: FileAttributes: 0x20 fc8.25d4: Size: 0x1e8460 fc8.25d4: NT Headers: 0xd8 fc8.25d4: Timestamp: 0xb29ecf52 fc8.25d4: Machine: 0x8664 - amd64 fc8.25d4: Timestamp: 0xb29ecf52 fc8.25d4: Image Version: 10.0 fc8.25d4: SizeOfImage: 0x1f0000 (2031616) fc8.25d4: Resource Dir: 0x17f000 LB 0x6f310 fc8.25d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] fc8.25d4: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] fc8.25d4: ProductName: Microsoft® Windows® Operating System fc8.25d4: ProductVersion: 10.0.18362.815 fc8.25d4: FileVersion: 10.0.18362.815 (WinBuild.160101.0800) fc8.25d4: FileDescription: NT Layer DLL fc8.25d4: \SystemRoot\System32\kernel32.dll: fc8.25d4: CreationTime: 2020-07-22T06:39:35.572371500Z fc8.25d4: LastWriteTime: 2020-07-22T06:39:35.572371500Z fc8.25d4: ChangeTime: 2020-07-22T06:57:41.022465900Z fc8.25d4: FileAttributes: 0x20 fc8.25d4: Size: 0xb0498 fc8.25d4: NT Headers: 0xe8 fc8.25d4: Timestamp: 0xce6bbd73 fc8.25d4: Machine: 0x8664 - amd64 fc8.25d4: Timestamp: 0xce6bbd73 fc8.25d4: Image Version: 10.0 fc8.25d4: SizeOfImage: 0xb2000 (729088) fc8.25d4: Resource Dir: 0xb0000 LB 0x520 fc8.25d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fc8.25d4: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] fc8.25d4: ProductName: Microsoft® Windows® Operating System fc8.25d4: ProductVersion: 10.0.18362.959 fc8.25d4: FileVersion: 10.0.18362.959 (WinBuild.160101.0800) fc8.25d4: FileDescription: Windows NT BASE API Client DLL fc8.25d4: \SystemRoot\System32\KernelBase.dll: fc8.25d4: CreationTime: 2020-07-22T06:57:20.479306600Z fc8.25d4: LastWriteTime: 2020-07-22T06:57:20.526169200Z fc8.25d4: ChangeTime: 2020-07-22T06:59:21.051113100Z fc8.25d4: FileAttributes: 0x20 fc8.25d4: Size: 0x2a3868 fc8.25d4: NT Headers: 0xf8 fc8.25d4: Timestamp: 0x91b9349a fc8.25d4: Machine: 0x8664 - amd64 fc8.25d4: Timestamp: 0x91b9349a fc8.25d4: Image Version: 10.0 fc8.25d4: SizeOfImage: 0x2a4000 (2768896) fc8.25d4: Resource Dir: 0x27e000 LB 0x548 fc8.25d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fc8.25d4: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] fc8.25d4: ProductName: Microsoft® Windows® Operating System fc8.25d4: ProductVersion: 10.0.18362.997 fc8.25d4: FileVersion: 10.0.18362.997 (WinBuild.160101.0800) fc8.25d4: FileDescription: Windows NT BASE API Client DLL fc8.25d4: \SystemRoot\System32\apisetschema.dll: fc8.25d4: CreationTime: 2019-03-19T04:43:54.837151500Z fc8.25d4: LastWriteTime: 2019-03-19T04:43:54.837151500Z fc8.25d4: ChangeTime: 2020-07-22T06:57:41.022465900Z fc8.25d4: FileAttributes: 0x20 fc8.25d4: Size: 0x1d028 fc8.25d4: NT Headers: 0xc8 fc8.25d4: Timestamp: 0xd6ced080 fc8.25d4: Machine: 0x8664 - amd64 fc8.25d4: Timestamp: 0xd6ced080 fc8.25d4: Image Version: 10.0 fc8.25d4: SizeOfImage: 0x1e000 (122880) fc8.25d4: Resource Dir: 0x1d000 LB 0x408 fc8.25d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] fc8.25d4: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] fc8.25d4: ProductName: Microsoft® Windows® Operating System fc8.25d4: ProductVersion: 10.0.18362.1 fc8.25d4: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) fc8.25d4: FileDescription: ApiSet Schema DLL fc8.25d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 fc8.25d4: supR3HardenedWinFindAdversaries: 0x0 fc8.25d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' fc8.25d4: Calling main() fc8.25d4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 fc8.25d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' fc8.25d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports fc8.25d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) fc8.25d4: SUPR3HardenedMain: Final process, opening VBoxDrv... fc8.25d4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000) fc8.25d4: supR3HardNtEnableThreadCreationEx: fc8.25d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc341d0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42880000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc412b0000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42100000 LB 0x000fa000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0] fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc41fb0000 LB 0x00149000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc435d0000 LB 0x00120000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42230000 LB 0x0005c000 C:\Windows\System32\Wintrust.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-synch-l1-2-0' fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-fibers-l1-1-1' fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-fibers-l1-1-1' fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-synch-l1-2-0' fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-localization-l1-2-1' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42230000 'C:\Windows\system32\Wintrust.dll' fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc41de0000 LB 0x00026000 C:\Windows\System32\bcrypt.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41de0000 'C:\Windows\system32\bcrypt.dll' fc8.25d4: bcrypt.dll loaded at 00007ffc41de0000, BCryptOpenAlgorithmProvider at 00007ffc41de4c70, preloading providers: fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc415b0000 LB 0x00080000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc415b0000 'C:\Windows\system32\bcryptprimitives.dll' fc8.25d4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000010cd0b0) fc8.25d4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000010ce620) fc8.25d4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000010ce920) fc8.25d4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000010cec20) fc8.25d4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000010cef20) fc8.25d4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000010cf220) fc8.25d4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000010cf520) fc8.25d4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000010cf820) fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc41dc0000 LB 0x00017000 C:\Windows\System32\CRYPTSP.dll [fFlags=0x0] fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc405a0000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc40c00000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42c50000 'C:\Windows\System32\kernel32.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42230000 'C:\Windows\System32\WINTRUST.DLL' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\CRYPT32.dll' fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc43de0000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42a60000 LB 0x00097000 C:\Windows\System32\sechost.dll [fFlags=0x0] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3fe20000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc412d0000 LB 0x00023000 C:\Windows\System32\profapi.dll [fFlags=0x0] fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc245d0000 LB 0x0002f000 C:\Windows\System32\cryptnet.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc245d0000 'C:\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42760000 LB 0x000a3000 C:\Windows\System32\advapi32.dll [fFlags=0x0] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F110B40CF67FEF4EFA84C23431B3B42233E381F fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc435d0000 'C:\Windows\System32\rpcrt4.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.997.cat'; file='\SystemRoot\System32\ntdll.dll' fc8.25d4: g_pfnWinVerifyTrust=00007ffc422361f0 fc8.25d4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20 fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.997.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\system32\crypt32.dll' fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018 fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018 fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014 fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03 fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA fc8.25d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root fc8.25d4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=32 fc8.25d4: SUPR3HardenedMain: Load Runtime... fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 000000005c170000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 000000005b5f0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc432e0000 LB 0x0006f000 C:\Windows\System32\WS2_32.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc192b0000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc192b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42230000 'C:\Windows\system32\Wintrust.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\system32\crypt32.dll' fc8.25d4: SUPR3HardenedMain: Load TrustedMain... fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] fc8.25d4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust] fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26 fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.449.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42200000 LB 0x00021000 C:\Windows\System32\win32u.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42290000 LB 0x0009e000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc41e10000 LB 0x00196000 C:\Windows\System32\gdi32full.dll [fFlags=0x0] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc44280000 LB 0x00026000 C:\Windows\System32\GDI32.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc43420000 LB 0x00195000 C:\Windows\System32\USER32.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc43e80000 LB 0x00335000 C:\Windows\System32\combase.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42330000 LB 0x0004a000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0] fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3fe90000 LB 0x00020000 C:\Windows\SYSTEM32\dxcore.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc2c270000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc29c10000 LB 0x00156000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc425e0000 LB 0x000a9000 C:\Windows\System32\shcore.dll [fFlags=0x0] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc41230000 LB 0x00010000 C:\Windows\System32\UMPDC.dll [fFlags=0x0] fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc41260000 LB 0x0004a000 C:\Windows\System32\powrprof.dll [fFlags=0x0] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42920000 LB 0x00052000 C:\Windows\System32\shlwapi.dll [fFlags=0x0] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc41240000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc41630000 LB 0x00782000 C:\Windows\System32\windows.storage.dll [fFlags=0x0] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc436f0000 LB 0x006e7000 C:\Windows\System32\SHELL32.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc43180000 LB 0x00157000 C:\Windows\System32\ole32.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc2ca70000 LB 0x0001b000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 000000005bc00000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc098b0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 000000005b690000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc43350000 LB 0x000c5000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc09eb0000 LB 0x02316000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 000000005b590000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3ee20000 LB 0x0002d000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3efb0000 LB 0x00024000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc0d490000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\umpdc.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42c50000 'C:\Windows\System32\kernel32.dll' fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-string-l1-1-0' fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-datetime-l1-1-1' fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-localization-obsolete-l1-2-0' fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42a30000 LB 0x0002e000 C:\Windows\System32\IMM32.DLL [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42a30000 'C:\Windows\system32\IMM32.DLL' fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42760000 'C:\Windows\System32\ADVAPI32.DLL' fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0d490000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.449.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' fc8.25d4: SUPR3HardenedMain: Calling TrustedMain (00007ffc0d4916c0)... fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc20d00000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20d00000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000600 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=286AD1CEC16EFDCA5718925D19E68A486A5851A0 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3f250000 LB 0x00099000 C:\Windows\system32\uxtheme.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f250000 'C:\Windows\system32\uxtheme.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43420000 'C:\Windows\system32\user32.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc425e0000 'C:\Windows\system32\SHCore.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3efb0000 'C:\Windows\system32\winmm.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3efb0000 'C:\Windows\system32\winmm.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f250000 'C:\Windows\system32\uxtheme.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42760000 'C:\Windows\system32\advapi32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc41150000 LB 0x00025000 C:\Windows\system32\userenv.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41150000 'C:\Windows\system32\userenv.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42c50000 'C:\Windows\System32\kernel32.dll' fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42980000 LB 0x000a2000 C:\Windows\System32\clbcatq.dll [fFlags=0x0] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll' fc8.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. fc8.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust fc8.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll fc8.938: supR3HardenedDllNotificationCallback: load 00007ffc094f0000 LB 0x003be000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] fc8.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll fc8.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc094f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' fc8.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. fc8.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. fc8.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust fc8.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll fc8.938: supR3HardenedDllNotificationCallback: load 00007ffc23390000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0] fc8.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll fc8.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc23390000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll' fc8.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll fc8.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43350000 'C:\Windows\System32\oleaut32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc44280000 'C:\Windows\system32\gdi32.dll' fc8.1770: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1770: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1770: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1770: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1770: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fc8.1770: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust fc8.1770: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll fc8.1770: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1770: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1770: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1770: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1770: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1770: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll fc8.1770: supR3HardenedDllNotificationCallback: load 00007ffc341c0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0] fc8.1770: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll fc8.1770: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc42b10000 LB 0x00135000 C:\Windows\System32\MSCTF.dll [fFlags=0x0] fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000082c pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AF758F581E6ED4B195B000E1E88DA05815FF2C72 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3fff0000 LB 0x000eb000 C:\Windows\system32\dxgi.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3e120000 LB 0x0025b000 C:\Windows\system32\d3d11.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3e7e0000 LB 0x001dd000 C:\Windows\system32\dcomp.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc25da0000 LB 0x0003a000 C:\Windows\system32\dataexchange.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc44280000 'C:\Windows\System32\gdi32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25da0000 'C:\Windows\system32\dataexchange.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3f840000 LB 0x00029000 C:\Windows\system32\RMCLIENT.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3f320000 LB 0x00262000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc425e0000 'C:\Windows\system32\Shcore.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc40280000 LB 0x00031000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3e9d0000 LB 0x000d4000 C:\Windows\System32\CoreMessaging.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3c990000 LB 0x00153000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3cb30000 LB 0x0032a000 C:\Windows\System32\CoreUIComponents.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc2a780000 LB 0x0009e000 C:\Windows\System32\TextInputFramework.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll' fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43420000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll' fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43420000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll' fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43e80000 'api-ms-win-core-com-l1-1-0.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\iertutil.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\iertutil.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc37040000 LB 0x002a6000 C:\Windows\System32\iertutil.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\iertutil.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\iertutil.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43180000 'C:\Windows\system32\ole32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'comctl32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'version.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'dui70.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'propsys.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shcore.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCTIP.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCTIP.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dui70.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dui70.dll' -> '\Device\HarddiskVolume3\Windows\System32\dui70.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad8 pwszName=\Device\HarddiskVolume3\Windows\System32\dui70.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=68BCE645C27EBE8A15C81A1E5D34DF4EA5BF087D fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\dui70.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dui70.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dui70.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IME\IMETC\IMTCTIP.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCTIP.dll fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dui70.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp110_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\policymanager.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\policymanager.dll fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc23480000 LB 0x000a9000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\COMCTL32.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3b7c0000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc21110000 LB 0x001b3000 C:\Windows\SYSTEM32\DUI70.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dui70.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3d750000 LB 0x000f0000 C:\Windows\SYSTEM32\PROPSYS.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3da00000 LB 0x0008a000 C:\Windows\SYSTEM32\msvcp110_win.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3b5f0000 LB 0x00086000 C:\Windows\SYSTEM32\policymanager.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\policymanager.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc30960000 LB 0x0014a000 C:\Windows\system32\IME\IMETC\IMTCTIP.DLL [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCTIP.dll fc8.25d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3f100000 LB 0x0008f000 C:\Windows\SYSTEM32\apphelp.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [avoiding WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\apphelp.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\policymanager.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\policymanager.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'. fc8.25d4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp110_win.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp110_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll [redoing WinVerifyTrust] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll'. fc8.25d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc44380000 'C:\Windows\System32\ntdll.dll' fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\apphelp.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\policymanager.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\policymanager.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\apphelp.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\policymanager.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\policymanager.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll' [rescheduled] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42a30000 'C:\Windows\System32\imm32.dll' fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\apphelp.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\policymanager.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\policymanager.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\apphelp.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\policymanager.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\policymanager.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43180000 'C:\Windows\System32\ole32.dll' fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\apphelp.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\policymanager.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\policymanager.dll' [rescheduled] fc8.25d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll' [rescheduled] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc30960000 'C:\Windows\system32\IME\IMETC\IMTCTIP.DLL' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad0 pwszName=\Device\HarddiskVolume3\Windows\System32\apphelp.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAB05C7236BF75A3E9746E25E1039005E1268927 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0414~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\apphelp.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\policymanager.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\comctl32.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.DLL (Input=MSCTF.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42b10000 'C:\Windows\System32\MSCTF.DLL' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleacc.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'version.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'dui70.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IME\SHARED\IMETIP.DLL) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IME\SHARED\IMETIP.DLL fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dui70.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dui70.dll' -> '\Device\HarddiskVolume3\Windows\System32\dui70.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dui70.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleacc.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleacc.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleacc.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af0 pwszName=\Device\HarddiskVolume3\Windows\System32\oleacc.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4DE24409C9F6743A292F9B0C8FB1A7F688A78696 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04113~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleacc.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleacc.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleacc.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\IME\shared\imetip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\SHARED\IMETIP.DLL fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc25de0000 LB 0x00065000 C:\Windows\SYSTEM32\OLEACC.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc305a0000 LB 0x00139000 C:\Windows\System32\IME\shared\imetip.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\SHARED\IMETIP.DLL fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc305a0000 'C:\Windows\System32\IME\shared\imetip.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.DLL (Input=MSCTF.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42b10000 'C:\Windows\System32\MSCTF.DLL' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42b10000 'C:\Windows\System32\msctf.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42b10000 'C:\Windows\system32\msctf.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'oleaut32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCCFG.DLL) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCCFG.DLL fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IME\IMETC\IMTCCFG.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCCFG.DLL fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc32fe0000 LB 0x0004d000 C:\Windows\system32\IME\IMETC\IMTCCFG.DLL [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCCFG.DLL fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc32fe0000 'C:\Windows\system32\IME\IMETC\IMTCCFG.DLL' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'oleaut32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'crypt32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'ncrypt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'profapi.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCCORE.DLL) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCCORE.DLL fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntasn1.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntasn1.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IME\IMETC\IMTCCORE.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCCORE.DLL fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntasn1.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc40cc0000 LB 0x0003b000 C:\Windows\SYSTEM32\NTASN1.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntasn1.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc40d00000 LB 0x00026000 C:\Windows\SYSTEM32\ncrypt.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc20ff0000 LB 0x00118000 C:\Windows\system32\IME\IMETC\IMTCCORE.DLL [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\IMETC\IMTCCORE.DLL fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43180000 'C:\Windows\System32\ole32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20ff0000 'C:\Windows\system32\IME\IMETC\IMTCCORE.DLL' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wer.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IME\SHARED\imecfm.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IME\SHARED\imecfm.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wer.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wer.dll' -> '\Device\HarddiskVolume3\Windows\System32\wer.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #61 'umpdc.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wer.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wer.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\IME\shared\imecfm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\SHARED\imecfm.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wer.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3f760000 LB 0x000dc000 C:\Windows\SYSTEM32\wer.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wer.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc32fa0000 LB 0x00038000 C:\Windows\System32\IME\shared\imecfm.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\SHARED\imecfm.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc32fa0000 'C:\Windows\System32\IME\shared\imecfm.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\UXTHEME.DLL (Input=UXTHEME.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f250000 'C:\Windows\System32\UXTHEME.DLL' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\SHARED\imecfm.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\IME\shared\imecfm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc32fa0000 'C:\Windows\System32\IME\shared\imecfm.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msimg32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'duser.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'dui70.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'uiautomationcore.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IME\SHARED\MSCAND20.DLL) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IME\SHARED\MSCAND20.DLL fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uiautomationcore.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uiautomationcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\uiautomationcore.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b9c pwszName=\Device\HarddiskVolume3\Windows\System32\UIAutomationCore.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F52AB6DC0BD71E702759576A7EF33ACC2C37CA88 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.997.cat'; file='\Device\HarddiskVolume3\Windows\System32\UIAutomationCore.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\UIAutomationCore.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\UIAutomationCore.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dui70.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dui70.dll' -> '\Device\HarddiskVolume3\Windows\System32\dui70.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dui70.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'duser.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'duser.dll' -> '\Device\HarddiskVolume3\Windows\System32\duser.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b5c pwszName=\Device\HarddiskVolume3\Windows\System32\duser.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09BC45C4D5E42401D74972740E9053BB12859727 fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\duser.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\duser.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\duser.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msimg32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msimg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msimg32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b98 pwszName=\Device\HarddiskVolume3\Windows\System32\msimg32.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0453EE11F89D618A82B43DBACFECDD530072D390 fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\Device\HarddiskVolume3\Windows\System32\msimg32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msimg32.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msimg32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\IME\shared\mscand20.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\SHARED\MSCAND20.DLL fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msimg32.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\duser.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\UIAutomationCore.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc33320000 LB 0x00007000 C:\Windows\SYSTEM32\MSIMG32.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msimg32.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc31aa0000 LB 0x00093000 C:\Windows\SYSTEM32\DUser.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\duser.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc20030000 LB 0x00270000 C:\Windows\SYSTEM32\UIAutomationCore.DLL [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\UIAutomationCore.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc20e30000 LB 0x001b7000 C:\Windows\System32\IME\shared\mscand20.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\SHARED\MSCAND20.DLL fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc44380000 'C:\Windows\System32\ntdll.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43420000 'C:\Windows\System32\user32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20e30000 'C:\Windows\System32\IME\shared\mscand20.dll' fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.DLL (Input=MSCTF.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42b10000 'C:\Windows\System32\MSCTF.DLL' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\iertutil.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\iertutil.dll (Input=iertutil.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc37040000 'C:\Windows\System32\iertutil.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43420000 'C:\Windows\System32\user32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43350000 'C:\Windows\System32\OLEAUT32.DLL' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42b10000 'C:\Windows\System32\MSCTF.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43180000 'C:\Windows\System32\ole32.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc43350000 'C:\Windows\System32\OLEAUT32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b84 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b80 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc310e0000 LB 0x00084000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc30d70000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc30d70000 'C:\Windows\system32\wbem\wbemprox.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc2fb10000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2fb10000 'C:\Windows\system32\wbem\wbemsvc.dll' fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-localization-l1-2-0.dll' fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c5c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc2fd80000 LB 0x00101000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2fd80000 'C:\Windows\system32\wbem\fastprox.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c1c pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll' fc8.25d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc2f550000 LB 0x00015000 C:\Windows\System32\amsi.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2f550000 'C:\Windows\System32\amsi.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.6-0\MpOAV.dll) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.6-0\MpOAV.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.6-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.6-0\MpOAV.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc2eaf0000 LB 0x0007a000 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.6-0\MpOav.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.6-0\MpOAV.dll fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-synch-l1-2-0' fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-fibers-l1-1-1' fc8.25d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41300000 'api-ms-win-core-localization-l1-2-1' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42c50000 'C:\Windows\System32\kernel32.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7c0000 'C:\Windows\system32\version.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2eaf0000 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.6-0\MpOav.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42760000 'C:\Windows\System32\ADVAPI32.dll' fc8.2788: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.2788: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.2788: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fc8.2788: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust fc8.2788: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll fc8.2788: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.2788: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.2788: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.2788: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.2788: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.2788: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll fc8.2788: supR3HardenedDllNotificationCallback: load 00007ffc08340000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] fc8.2788: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll fc8.2788: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08340000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ddc pwszName=\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F5B666FF2CFCD1394E450AF7141F0F82A5730F3 fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04113~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume3\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de0 pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2E5A6C3AFA14B1D9C532760FD646C3AC357C7AB fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.997.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc33660000 LB 0x00025000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc42d10000 LB 0x00470000 C:\Windows\System32\setupapi.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc33690000 LB 0x00013000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc336c0000 LB 0x00081000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc336c0000 'C:\Windows\System32\NetSetupShim.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] fc8.1124: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\nsi.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc42b00000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [avoiding WinVerifyTrust] fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc3afe0000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc191e0000 LB 0x000ce000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc191e0000 'C:\Windows\System32\NetSetupEngine.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll' fc8.242c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.242c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.242c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. fc8.242c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. fc8.242c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. fc8.242c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. fc8.242c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust fc8.242c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll fc8.242c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.242c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.242c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.242c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.242c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... fc8.242c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] fc8.242c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll fc8.242c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fc8.242c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fc8.242c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.242c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.242c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.242c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll fc8.242c: supR3HardenedDllNotificationCallback: load 00007ffc34180000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] fc8.242c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll fc8.242c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34180000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' fc8.28bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.28bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.28bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. fc8.28bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fc8.28bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust fc8.28bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll fc8.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fc8.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fc8.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.28bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll fc8.28bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.28bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll fc8.28bc: supR3HardenedDllNotificationCallback: load 00007ffc34170000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] fc8.28bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll fc8.28bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34170000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\Shell32.dll' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08340000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc222c0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc222c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL' fc8.1124: supR3HardenedDllNotificationCallback: Unload 00007ffc222c0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc20c90000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffbf67e0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc40740000 LB 0x0003a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffbf7040000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7040000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc222c0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc222c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc094f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf67e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc2e8b0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2e8b0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc23b60000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc23b60000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc23b40000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc23b40000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc23160000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc23160000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.304: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.304: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.304: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. fc8.304: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fc8.304: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust fc8.304: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll fc8.304: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.304: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.304: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... fc8.304: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] fc8.304: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll fc8.304: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.304: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.304: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.304: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll fc8.304: supR3HardenedDllNotificationCallback: load 00007ffc21f30000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] fc8.304: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll fc8.304: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc21f30000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' fc8.1eb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1eb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1eb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. fc8.1eb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. fc8.1eb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. fc8.1eb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust fc8.1eb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll fc8.1eb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1eb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1eb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... fc8.1eb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] fc8.1eb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll fc8.1eb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fc8.1eb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fc8.1eb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1eb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1eb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1eb8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll fc8.1eb8: supR3HardenedDllNotificationCallback: load 00007ffc33390000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] fc8.1eb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll fc8.1eb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc33390000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' fc8.1cac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1cac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1cac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. fc8.1cac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fc8.1cac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust fc8.1cac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll fc8.1cac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1cac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1cac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fc8.1cac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fc8.1cac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1cac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1cac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1cac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll fc8.1cac: supR3HardenedDllNotificationCallback: load 00007ffc306e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] fc8.1cac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll fc8.1cac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc306e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc30bf0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc30bf0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc41030000 LB 0x0002a000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc3b260000 LB 0x00072000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b260000 'C:\Windows\System32\MMDevApi.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001134 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8184043CF3F3DF1E3CF96E74DBBF7D0836417373 fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc20b00000 LB 0x00099000 C:\Windows\System32\dsound.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20b00000 'C:\Windows\System32\dsound.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20b00000 'C:\Windows\System32\dsound.dll' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20b00000 'C:\Windows\system32\dsound.dll' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b260000 'C:\Windows\System32\MMDEVAPI.DLL' fc8.7b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.7b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.7b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. fc8.7b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. fc8.7b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. fc8.7b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'. fc8.7b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust fc8.7b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll fc8.7b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... fc8.7b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] fc8.7b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll fc8.7b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fc8.7b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fc8.7b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.7b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.7b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... fc8.7b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] fc8.7b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.7b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll fc8.7b8: supR3HardenedDllNotificationCallback: load 00007ffc3b330000 LB 0x0015d000 C:\Windows\System32\AUDIOSES.DLL [fFlags=0x0] fc8.7b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll fc8.7b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b330000 'C:\Windows\System32\AUDIOSES.DLL' fc8.7b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.7b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. fc8.7b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll) fc8.7b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll fc8.7b8: supR3HardenedDllNotificationCallback: load 00007ffc3f590000 LB 0x00014000 C:\Windows\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0] fc8.7b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3efb0000 'C:\Windows\System32\winmm.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001190 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38EA8D6D625C6A0A9075DAE17FD33652FF8FC23A fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc23150000 LB 0x00009000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc3d1b0000 LB 0x0000a000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc1b4d0000 LB 0x00044000 C:\Windows\System32\wdmaud.drv [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b4d0000 'C:\Windows\System32\wdmaud.drv' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b4d0000 'C:\Windows\System32\wdmaud.drv' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b4d0000 'C:\Windows\System32\wdmaud.drv' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b4d0000 'C:\Windows\System32\wdmaud.drv' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b4d0000 'C:\Windows\System32\wdmaud.drv' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001194 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763C5E89A8DA653902990733D245B99CC7C40BEA fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc191c0000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc22f70000 LB 0x0000d000 C:\Windows\System32\msacm32.drv [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22f70000 'C:\Windows\System32\msacm32.drv' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22f70000 'C:\Windows\System32\msacm32.drv' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22f70000 'C:\Windows\System32\msacm32.drv' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22f70000 'C:\Windows\System32\msacm32.drv' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22f70000 'C:\Windows\System32\msacm32.drv' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22f70000 'C:\Windows\System32\msacm32.drv' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22f70000 'C:\Windows\System32\msacm32.drv' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22f70000 'C:\Windows\System32\msacm32.drv' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22f70000 'C:\Windows\System32\msacm32.drv' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22f70000 'C:\Windows\System32\msacm32.drv' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011b0 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010cfed0 fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB34EC166C3F780657AB67E557E6C2E60C398D10 fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll' fc8.1124: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.1124: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'. fc8.1124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust fc8.1124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.1124: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll fc8.1124: supR3HardenedDllNotificationCallback: load 00007ffc21540000 LB 0x0000a000 C:\Windows\System32\midimap.dll [fFlags=0x0] fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc21540000 'C:\Windows\System32\midimap.dll' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc21540000 'C:\Windows\System32\midimap.dll' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc21540000 'C:\Windows\System32\midimap.dll' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc21540000 'C:\Windows\System32\midimap.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3efb0000 'C:\Windows\System32\winmm.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3efb0000 'C:\Windows\System32\winmm.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3efb0000 'C:\Windows\System32\winmm.dll' fc8.1124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll fc8.1124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20b00000 'C:\Windows\system32\dsound.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3efb0000 'C:\Windows\System32\winmm.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3efb0000 'C:\Windows\System32\winmm.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3efb0000 'C:\Windows\System32\winmm.dll' fc8.1124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sspicli.dll) fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sspicli.dll fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc41120000 LB 0x0002f000 C:\Windows\SYSTEM32\SspiCli.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sspicli.dll [avoiding WinVerifyTrust] fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42230000 'C:\Windows\System32\WINTRUST.DLL' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\CRYPT32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sspicli.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sspicli.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\sspicli.dll (Input=sspicli.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41120000 'C:\Windows\System32\sspicli.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405a0000 'C:\Windows\system32\rsaenh.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41fb0000 'C:\Windows\System32\crypt32.dll' fc8.25d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fc8.25d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IME\SHARED\IMELM.DLL) WinVerifyTrust fc8.25d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IME\SHARED\IMELM.DLL fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fc8.25d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\IME\SHARED\imelm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] fc8.25d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\SHARED\IMELM.DLL fc8.25d4: supR3HardenedDllNotificationCallback: load 00007ffc3f050000 LB 0x00058000 C:\Windows\System32\IME\SHARED\imelm.dll [fFlags=0x0] fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IME\SHARED\IMELM.DLL fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f050000 'C:\Windows\System32\IME\SHARED\imelm.dll' fc8.25d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll fc8.25d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.25d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc436f0000 'C:\Windows\system32\shell32.dll' fc8.1cac: supR3HardenedDllNotificationCallback: Unload 00007ffc306e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0] fc8.1eb8: supR3HardenedDllNotificationCallback: Unload 00007ffc33390000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0] fc8.304: supR3HardenedDllNotificationCallback: Unload 00007ffc21f30000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0] fc8.28bc: supR3HardenedDllNotificationCallback: Unload 00007ffc34170000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0] fc8.242c: supR3HardenedDllNotificationCallback: Unload 00007ffc34180000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0] fc8.1124: supR3HardenedDllNotificationCallback: Unload 00007ffc23160000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0] fc8.1124: supR3HardenedDllNotificationCallback: Unload 00007ffc23b40000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0] fc8.1124: supR3HardenedDllNotificationCallback: Unload 00007ffc23b60000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0] fc8.1124: supR3HardenedDllNotificationCallback: Unload 00007ffc2e8b0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0] fc8.1124: supR3HardenedDllNotificationCallback: Unload 00007ffc222c0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0] fc8.1124: supR3HardenedDllNotificationCallback: Unload 00007ffbf7040000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0] fc8.1124: supR3HardenedDllNotificationCallback: Unload 00007ffc20c90000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0] fc8.1124: supR3HardenedDllNotificationCallback: Unload 00007ffbf67e0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0] fc8.1124: supR3HardenedDllNotificationCallback: Unload 00007ffc40740000 LB 0x0003a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc32fa0000 LB 0x00038000 C:\Windows\System32\IME\shared\imecfm.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc3f760000 LB 0x000dc000 C:\Windows\SYSTEM32\wer.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc341c0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc305a0000 LB 0x00139000 C:\Windows\System32\IME\shared\imetip.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc25de0000 LB 0x00065000 C:\Windows\SYSTEM32\OLEACC.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc30960000 LB 0x0014a000 C:\Windows\system32\IME\IMETC\IMTCTIP.DLL [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc23480000 LB 0x000a9000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.997_none_2a2bebba46660518\COMCTL32.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc3b5f0000 LB 0x00086000 C:\Windows\SYSTEM32\policymanager.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc3da00000 LB 0x0008a000 C:\Windows\SYSTEM32\msvcp110_win.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc2fb10000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc30d70000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc20e30000 LB 0x001b7000 C:\Windows\System32\IME\shared\mscand20.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc33320000 LB 0x00007000 C:\Windows\SYSTEM32\MSIMG32.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc31aa0000 LB 0x00093000 C:\Windows\SYSTEM32\DUser.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc21110000 LB 0x001b3000 C:\Windows\SYSTEM32\DUI70.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc20030000 LB 0x00270000 C:\Windows\SYSTEM32\UIAutomationCore.DLL [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc2fd80000 LB 0x00101000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc310e0000 LB 0x00084000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc3f050000 LB 0x00058000 C:\Windows\System32\IME\SHARED\imelm.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc23390000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc25da0000 LB 0x0003a000 C:\Windows\system32\dataexchange.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc3e120000 LB 0x0025b000 C:\Windows\system32\d3d11.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc3fff0000 LB 0x000eb000 C:\Windows\system32\dxgi.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc3e7e0000 LB 0x001dd000 C:\Windows\system32\dcomp.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc3f320000 LB 0x00262000 C:\Windows\system32\twinapi.appcore.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc3f840000 LB 0x00029000 C:\Windows\system32\RMCLIENT.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc20ff0000 LB 0x00118000 C:\Windows\system32\IME\IMETC\IMTCCORE.DLL [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc40d00000 LB 0x00026000 C:\Windows\SYSTEM32\ncrypt.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc40cc0000 LB 0x0003b000 C:\Windows\SYSTEM32\NTASN1.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc32fe0000 LB 0x0004d000 C:\Windows\system32\IME\IMETC\IMTCCFG.DLL [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc094f0000 LB 0x003be000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc336c0000 LB 0x00081000 C:\Windows\System32\NetSetupShim.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc33660000 LB 0x00025000 C:\Windows\System32\NetSetupApi.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc42d10000 LB 0x00470000 C:\Windows\System32\setupapi.dll [flags=0x0] fc8.25d4: supR3HardenedDllNotificationCallback: Unload 00007ffc33690000 LB 0x00013000 C:\Windows\System32\DEVRTL.dll [flags=0x0] fc8.25d4: Terminating the normal way: rcExit=0 2b18.2b1c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 936219 ms, the end); 28a0.1c28: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 936603 ms, the end);