1e00.2090: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0280000 1e00.2090: \SystemRoot\System32\ntdll.dll: 1e00.2090: CreationTime: 2015-08-20T23:20:59.070821600Z 1e00.2090: LastWriteTime: 2015-08-08T07:29:58.168349600Z 1e00.2090: ChangeTime: 2015-08-21T10:30:50.420447700Z 1e00.2090: FileAttributes: 0x20 1e00.2090: Size: 0x1bce48 1e00.2090: NT Headers: 0xd8 1e00.2090: Timestamp: 0x55c59f92 1e00.2090: Machine: 0x8664 - amd64 1e00.2090: Timestamp: 0x55c59f92 1e00.2090: Image Version: 10.0 1e00.2090: SizeOfImage: 0x1c1000 (1839104) 1e00.2090: Resource Dir: 0x15a000 LB 0x65718 1e00.2090: ProductName: Microsoft® Windows® Operating System 1e00.2090: ProductVersion: 10.0.10240.16430 1e00.2090: FileVersion: 10.0.10240.16430 (th1.150807-2049) 1e00.2090: FileDescription: NT Layer DLL 1e00.2090: \SystemRoot\System32\kernel32.dll: 1e00.2090: CreationTime: 2015-07-10T10:59:59.699781600Z 1e00.2090: LastWriteTime: 2015-07-10T10:59:59.699781600Z 1e00.2090: ChangeTime: 2015-10-13T23:39:05.537198800Z 1e00.2090: FileAttributes: 0x20 1e00.2090: Size: 0xab830 1e00.2090: NT Headers: 0xf0 1e00.2090: Timestamp: 0x559f38ad 1e00.2090: Machine: 0x8664 - amd64 1e00.2090: Timestamp: 0x559f38ad 1e00.2090: Image Version: 10.0 1e00.2090: SizeOfImage: 0xad000 (708608) 1e00.2090: Resource Dir: 0xab000 LB 0x518 1e00.2090: ProductName: Microsoft® Windows® Operating System 1e00.2090: ProductVersion: 10.0.10240.16384 1e00.2090: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1e00.2090: FileDescription: Windows NT BASE API Client DLL 1e00.2090: \SystemRoot\System32\KernelBase.dll: 1e00.2090: CreationTime: 2015-07-10T11:00:10.325689700Z 1e00.2090: LastWriteTime: 2015-07-10T11:00:10.325689700Z 1e00.2090: ChangeTime: 2015-10-13T23:39:05.865323100Z 1e00.2090: FileAttributes: 0x20 1e00.2090: Size: 0x1dc680 1e00.2090: NT Headers: 0x100 1e00.2090: Timestamp: 0x559f38c3 1e00.2090: Machine: 0x8664 - amd64 1e00.2090: Timestamp: 0x559f38c3 1e00.2090: Image Version: 10.0 1e00.2090: SizeOfImage: 0x1dd000 (1953792) 1e00.2090: Resource Dir: 0x1c7000 LB 0x530 1e00.2090: ProductName: Microsoft® Windows® Operating System 1e00.2090: ProductVersion: 10.0.10240.16384 1e00.2090: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1e00.2090: FileDescription: Windows NT BASE API Client DLL 1e00.2090: \SystemRoot\System32\apisetschema.dll: 1e00.2090: CreationTime: 2015-07-10T11:00:04.872098600Z 1e00.2090: LastWriteTime: 2015-07-10T11:00:04.872098600Z 1e00.2090: ChangeTime: 2015-08-21T03:35:07.893781700Z 1e00.2090: FileAttributes: 0x20 1e00.2090: Size: 0x16760 1e00.2090: NT Headers: 0xc8 1e00.2090: Timestamp: 0x559f3e3d 1e00.2090: Machine: 0x8664 - amd64 1e00.2090: Timestamp: 0x559f3e3d 1e00.2090: Image Version: 10.0 1e00.2090: SizeOfImage: 0x17000 (94208) 1e00.2090: Resource Dir: 0x16000 LB 0x3f0 1e00.2090: ProductName: Microsoft® Windows® Operating System 1e00.2090: ProductVersion: 10.0.10240.16384 1e00.2090: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1e00.2090: FileDescription: ApiSet Schema DLL 1e00.2090: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1e00.2090: supR3HardenedWinFindAdversaries: 0x0 1e00.2090: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 1e00.2090: Calling main() 1e00.2090: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1e00.2090: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 1e00.2090: SUPR3HardenedMain: Respawn #1 1e00.2090: System32: \Device\HarddiskVolume4\Windows\System32 1e00.2090: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 1e00.2090: KnownDllPath: C:\Windows\system32 1e00.2090: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1e00.2090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1e00.2090: supR3HardNtEnableThreadCreation: 1e00.2090: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20 1e00.2090: supR3HardenedWinDoReSpawn(1): New child 17d4.18f8 [kernel32]. 1e00.2090: supR3HardNtChildGatherData: PebBaseAddress=00007ff674c0a000 cbPeb=0x388 1e00.2090: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffad44d0000 uNtDllChildAddr=00007ffad44d0000 1e00.2090: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffad453fb70 1e00.2090: supR3HardenedWinSetupChildInit: Start child. 1e00.2090: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 1e00.2090: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 21 sleeps 1e00.2090: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1e00.2090: *0000000000000000-ffffffffff00ffff 0x0001/0x0000 0x0000000 1e00.2090: *0000000000ff0000-0000000000fcffff 0x0004/0x0004 0x0020000 1e00.2090: *0000000001010000-0000000000ffbfff 0x0002/0x0002 0x0040000 1e00.2090: 0000000001024000-0000000001017fff 0x0001/0x0000 0x0000000 1e00.2090: *0000000001030000-0000000000f33fff 0x0000/0x0004 0x0020000 1e00.2090: 000000000112c000-0000000001128fff 0x0104/0x0004 0x0020000 1e00.2090: 000000000112f000-000000000112dfff 0x0004/0x0004 0x0020000 1e00.2090: *0000000001130000-000000000112bfff 0x0002/0x0002 0x0040000 1e00.2090: 0000000001134000-0000000001127fff 0x0001/0x0000 0x0000000 1e00.2090: *0000000001140000-000000000113dfff 0x0004/0x0004 0x0020000 1e00.2090: 0000000001142000-ffffffff822a3fff 0x0001/0x0000 0x0000000 1e00.2090: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1e00.2090: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1e00.2090: 000000007fff0000-ffff800a8b3fffff 0x0001/0x0000 0x0000000 1e00.2090: *00007ff674be0000-00007ff674bbcfff 0x0002/0x0002 0x0040000 1e00.2090: 00007ff674c03000-00007ff674bfbfff 0x0001/0x0000 0x0000000 1e00.2090: *00007ff674c0a000-00007ff674c08fff 0x0004/0x0004 0x0020000 1e00.2090: 00007ff674c0b000-00007ff674c07fff 0x0001/0x0000 0x0000000 1e00.2090: *00007ff674c0e000-00007ff674c0bfff 0x0004/0x0004 0x0020000 1e00.2090: 00007ff674c10000-00007ff67423ffff 0x0001/0x0000 0x0000000 1e00.2090: *00007ff6755e0000-00007ff6755e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e00.2090: 00007ff6755e1000-00007ff675667fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e00.2090: 00007ff675668000-00007ff675668fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e00.2090: 00007ff675669000-00007ff6756b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e00.2090: 00007ff6756b4000-00007ff6756b4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e00.2090: 00007ff6756b5000-00007ff6756b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e00.2090: 00007ff6756b6000-00007ff6756bafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e00.2090: 00007ff6756bb000-00007ff6756bbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e00.2090: 00007ff6756bc000-00007ff6756bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e00.2090: 00007ff6756bd000-00007ff6756c0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e00.2090: 00007ff6756c1000-00007ff67570bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e00.2090: 00007ff67570c000-00007ff216947fff 0x0001/0x0000 0x0000000 1e00.2090: *00007ffad44d0000-00007ffad44d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1e00.2090: 00007ffad44d1000-00007ffad45ccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1e00.2090: 00007ffad45cd000-00007ffad460efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1e00.2090: 00007ffad460f000-00007ffad4617fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1e00.2090: 00007ffad4618000-00007ffad4625fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1e00.2090: 00007ffad4626000-00007ffad4626fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1e00.2090: 00007ffad4627000-00007ffad4629fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1e00.2090: 00007ffad462a000-00007ffad4690fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1e00.2090: 00007ffad4691000-00007ff5a8d41fff 0x0001/0x0000 0x0000000 1e00.2090: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 1e00.2090: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS) 1e00.2090: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1e00.2090: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports 1e00.2090: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0). 17d4.18f8: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000 17d4.18f8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffad44d0000 1e00.2090: supR3HardNtEnableThreadCreation: 17d4.18f8: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS) 17d4.18f8: New simple heap: #1 0000000001250000 LB 0x400000 (for 1839104 allocation) 17d4.18f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 17d4.18f8: System32: \Device\HarddiskVolume4\Windows\System32 17d4.18f8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 17d4.18f8: KnownDllPath: C:\Windows\system32 17d4.18f8: supR3HardenedVmProcessInit: Opening vboxdrv stub... 17d4.18f8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 17d4.18f8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 17d4.18f8: Registered Dll notification callback with NTDLL. 17d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll) 17d4.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll 17d4.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 17d4.18f8: supR3HardenedDllNotificationCallback: load 00007ffad1900000 LB 0x001dd000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 17d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll) 17d4.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 17d4.18f8: supR3HardenedDllNotificationCallback: load 00007ffad4420000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0] 17d4.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 17d4.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\KERNEL32.DLL' 17d4.18f8: supR3HardenedDllNotificationCallback: load 00007ff6755e0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 17d4.18f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 17d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 17d4.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20 1e00.2090: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 63 ms. 17d4.18f8: \SystemRoot\System32\ntdll.dll: 17d4.18f8: CreationTime: 2015-08-20T23:20:59.070821600Z 17d4.18f8: LastWriteTime: 2015-08-08T07:29:58.168349600Z 17d4.18f8: ChangeTime: 2015-08-21T10:30:50.420447700Z 17d4.18f8: FileAttributes: 0x20 17d4.18f8: Size: 0x1bce48 17d4.18f8: NT Headers: 0xd8 17d4.18f8: Timestamp: 0x55c59f92 17d4.18f8: Machine: 0x8664 - amd64 17d4.18f8: Timestamp: 0x55c59f92 17d4.18f8: Image Version: 10.0 17d4.18f8: SizeOfImage: 0x1c1000 (1839104) 17d4.18f8: Resource Dir: 0x15a000 LB 0x65718 17d4.18f8: ProductName: Microsoft® Windows® Operating System 17d4.18f8: ProductVersion: 10.0.10240.16430 17d4.18f8: FileVersion: 10.0.10240.16430 (th1.150807-2049) 17d4.18f8: FileDescription: NT Layer DLL 17d4.18f8: \SystemRoot\System32\kernel32.dll: 17d4.18f8: CreationTime: 2015-07-10T10:59:59.699781600Z 17d4.18f8: LastWriteTime: 2015-07-10T10:59:59.699781600Z 17d4.18f8: ChangeTime: 2015-10-13T23:39:05.537198800Z 17d4.18f8: FileAttributes: 0x20 17d4.18f8: Size: 0xab830 17d4.18f8: NT Headers: 0xf0 17d4.18f8: Timestamp: 0x559f38ad 17d4.18f8: Machine: 0x8664 - amd64 17d4.18f8: Timestamp: 0x559f38ad 17d4.18f8: Image Version: 10.0 17d4.18f8: SizeOfImage: 0xad000 (708608) 17d4.18f8: Resource Dir: 0xab000 LB 0x518 17d4.18f8: ProductName: Microsoft® Windows® Operating System 17d4.18f8: ProductVersion: 10.0.10240.16384 17d4.18f8: FileVersion: 10.0.10240.16384 (th1.150709-1700) 17d4.18f8: FileDescription: Windows NT BASE API Client DLL 17d4.18f8: \SystemRoot\System32\KernelBase.dll: 17d4.18f8: CreationTime: 2015-07-10T11:00:10.325689700Z 17d4.18f8: LastWriteTime: 2015-07-10T11:00:10.325689700Z 17d4.18f8: ChangeTime: 2015-10-13T23:39:05.865323100Z 17d4.18f8: FileAttributes: 0x20 17d4.18f8: Size: 0x1dc680 17d4.18f8: NT Headers: 0x100 17d4.18f8: Timestamp: 0x559f38c3 17d4.18f8: Machine: 0x8664 - amd64 17d4.18f8: Timestamp: 0x559f38c3 17d4.18f8: Image Version: 10.0 17d4.18f8: SizeOfImage: 0x1dd000 (1953792) 17d4.18f8: Resource Dir: 0x1c7000 LB 0x530 17d4.18f8: ProductName: Microsoft® Windows® Operating System 17d4.18f8: ProductVersion: 10.0.10240.16384 17d4.18f8: FileVersion: 10.0.10240.16384 (th1.150709-1700) 17d4.18f8: FileDescription: Windows NT BASE API Client DLL 17d4.18f8: \SystemRoot\System32\apisetschema.dll: 17d4.18f8: CreationTime: 2015-07-10T11:00:04.872098600Z 17d4.18f8: LastWriteTime: 2015-07-10T11:00:04.872098600Z 17d4.18f8: ChangeTime: 2015-08-21T03:35:07.893781700Z 17d4.18f8: FileAttributes: 0x20 17d4.18f8: Size: 0x16760 17d4.18f8: NT Headers: 0xc8 17d4.18f8: Timestamp: 0x559f3e3d 17d4.18f8: Machine: 0x8664 - amd64 17d4.18f8: Timestamp: 0x559f3e3d 17d4.18f8: Image Version: 10.0 17d4.18f8: SizeOfImage: 0x17000 (94208) 17d4.18f8: Resource Dir: 0x16000 LB 0x3f0 17d4.18f8: ProductName: Microsoft® Windows® Operating System 17d4.18f8: ProductVersion: 10.0.10240.16384 17d4.18f8: FileVersion: 10.0.10240.16384 (th1.150709-1700) 17d4.18f8: FileDescription: ApiSet Schema DLL 17d4.18f8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 17d4.18f8: supR3HardenedWinFindAdversaries: 0x0 17d4.18f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 17d4.18f8: Calling main() 17d4.18f8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 17d4.18f8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 17d4.18f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 17d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 17d4.18f8: SUPR3HardenedMain: Respawn #2 17d4.18f8: supR3HardNtEnableThreadCreation: 17d4.18f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20 17d4.18f8: supR3HardenedWinDoReSpawn(2): New child 130c.1f0c [kernel32]. 17d4.18f8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 17d4.18f8: supR3HardNtChildGatherData: PebBaseAddress=00007ff674633000 cbPeb=0x388 17d4.18f8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffad44d0000 uNtDllChildAddr=00007ffad44d0000 17d4.18f8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffad453fb70 17d4.18f8: supR3HardenedWinSetupChildInit: Start child. 17d4.18f8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 17d4.18f8: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 22 sleeps 17d4.18f8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 17d4.18f8: *0000000000000000-ffffffffff7dffff 0x0001/0x0000 0x0000000 17d4.18f8: *0000000000820000-00000000007fffff 0x0004/0x0004 0x0020000 17d4.18f8: *0000000000840000-000000000082bfff 0x0002/0x0002 0x0040000 17d4.18f8: 0000000000854000-0000000000847fff 0x0001/0x0000 0x0000000 17d4.18f8: *0000000000860000-0000000000763fff 0x0000/0x0004 0x0020000 17d4.18f8: 000000000095c000-0000000000958fff 0x0104/0x0004 0x0020000 17d4.18f8: 000000000095f000-000000000095dfff 0x0004/0x0004 0x0020000 17d4.18f8: *0000000000960000-000000000095bfff 0x0002/0x0002 0x0040000 17d4.18f8: 0000000000964000-0000000000957fff 0x0001/0x0000 0x0000000 17d4.18f8: *0000000000970000-000000000096dfff 0x0004/0x0004 0x0020000 17d4.18f8: 0000000000972000-ffffffff81303fff 0x0001/0x0000 0x0000000 17d4.18f8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 17d4.18f8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 17d4.18f8: 000000007fff0000-ffff800a8b9cffff 0x0001/0x0000 0x0000000 17d4.18f8: *00007ff674610000-00007ff6745ecfff 0x0002/0x0002 0x0040000 17d4.18f8: *00007ff674633000-00007ff674631fff 0x0004/0x0004 0x0020000 17d4.18f8: 00007ff674634000-00007ff674629fff 0x0001/0x0000 0x0000000 17d4.18f8: *00007ff67463e000-00007ff67463bfff 0x0004/0x0004 0x0020000 17d4.18f8: 00007ff674640000-00007ff67369ffff 0x0001/0x0000 0x0000000 17d4.18f8: *00007ff6755e0000-00007ff6755e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: 00007ff6755e1000-00007ff675667fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: 00007ff675668000-00007ff675668fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: 00007ff675669000-00007ff6756b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: 00007ff6756b4000-00007ff6756b4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: 00007ff6756b5000-00007ff6756b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: 00007ff6756b6000-00007ff6756bafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: 00007ff6756bb000-00007ff6756bbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: 00007ff6756bc000-00007ff6756bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: 00007ff6756bd000-00007ff6756c0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: 00007ff6756c1000-00007ff67570bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 17d4.18f8: 00007ff67570c000-00007ff216947fff 0x0001/0x0000 0x0000000 17d4.18f8: *00007ffad44d0000-00007ffad44d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 17d4.18f8: 00007ffad44d1000-00007ffad45ccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 17d4.18f8: 00007ffad45cd000-00007ffad460efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 17d4.18f8: 00007ffad460f000-00007ffad4617fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 17d4.18f8: 00007ffad4618000-00007ffad4625fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 17d4.18f8: 00007ffad4626000-00007ffad4626fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 17d4.18f8: 00007ffad4627000-00007ffad4629fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 17d4.18f8: 00007ffad462a000-00007ffad4690fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 17d4.18f8: 00007ffad4691000-00007ff5a8d41fff 0x0001/0x0000 0x0000000 17d4.18f8: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 17d4.18f8: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS) 17d4.18f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 17d4.18f8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports 17d4.18f8: supR3HardNtChildPurify: Done after 295 ms and 0 fixes (loop #0). 130c.1f0c: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000 130c.1f0c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffad44d0000 17d4.18f8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001250000 LB 0x400000) 130c.1f0c: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS) 130c.1f0c: New simple heap: #1 0000000000a80000 LB 0x400000 (for 1839104 allocation) 17d4.18f8: supR3HardNtEnableThreadCreation: 130c.1f0c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 130c.1f0c: System32: \Device\HarddiskVolume4\Windows\System32 130c.1f0c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 130c.1f0c: KnownDllPath: C:\Windows\system32 130c.1f0c: supR3HardenedVmProcessInit: Opening vboxdrv... 130c.1f0c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 130c.1f0c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 130c.1f0c: Registered Dll notification callback with NTDLL. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1900000 LB 0x001dd000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad4420000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\KERNEL32.DLL' 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ff6755e0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 130c.1f0c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 130c.1f0c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20 17d4.18f8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 80 ms. 130c.1f0c: \SystemRoot\System32\ntdll.dll: 130c.1f0c: CreationTime: 2015-08-20T23:20:59.070821600Z 130c.1f0c: LastWriteTime: 2015-08-08T07:29:58.168349600Z 130c.1f0c: ChangeTime: 2015-08-21T10:30:50.420447700Z 130c.1f0c: FileAttributes: 0x20 130c.1f0c: Size: 0x1bce48 130c.1f0c: NT Headers: 0xd8 130c.1f0c: Timestamp: 0x55c59f92 130c.1f0c: Machine: 0x8664 - amd64 130c.1f0c: Timestamp: 0x55c59f92 130c.1f0c: Image Version: 10.0 130c.1f0c: SizeOfImage: 0x1c1000 (1839104) 130c.1f0c: Resource Dir: 0x15a000 LB 0x65718 130c.1f0c: ProductName: Microsoft® Windows® Operating System 130c.1f0c: ProductVersion: 10.0.10240.16430 130c.1f0c: FileVersion: 10.0.10240.16430 (th1.150807-2049) 130c.1f0c: FileDescription: NT Layer DLL 130c.1f0c: \SystemRoot\System32\kernel32.dll: 130c.1f0c: CreationTime: 2015-07-10T10:59:59.699781600Z 130c.1f0c: LastWriteTime: 2015-07-10T10:59:59.699781600Z 130c.1f0c: ChangeTime: 2015-10-13T23:39:05.537198800Z 130c.1f0c: FileAttributes: 0x20 130c.1f0c: Size: 0xab830 130c.1f0c: NT Headers: 0xf0 130c.1f0c: Timestamp: 0x559f38ad 130c.1f0c: Machine: 0x8664 - amd64 130c.1f0c: Timestamp: 0x559f38ad 130c.1f0c: Image Version: 10.0 130c.1f0c: SizeOfImage: 0xad000 (708608) 130c.1f0c: Resource Dir: 0xab000 LB 0x518 130c.1f0c: ProductName: Microsoft® Windows® Operating System 130c.1f0c: ProductVersion: 10.0.10240.16384 130c.1f0c: FileVersion: 10.0.10240.16384 (th1.150709-1700) 130c.1f0c: FileDescription: Windows NT BASE API Client DLL 130c.1f0c: \SystemRoot\System32\KernelBase.dll: 130c.1f0c: CreationTime: 2015-07-10T11:00:10.325689700Z 130c.1f0c: LastWriteTime: 2015-07-10T11:00:10.325689700Z 130c.1f0c: ChangeTime: 2015-10-13T23:39:05.865323100Z 130c.1f0c: FileAttributes: 0x20 130c.1f0c: Size: 0x1dc680 130c.1f0c: NT Headers: 0x100 130c.1f0c: Timestamp: 0x559f38c3 130c.1f0c: Machine: 0x8664 - amd64 130c.1f0c: Timestamp: 0x559f38c3 130c.1f0c: Image Version: 10.0 130c.1f0c: SizeOfImage: 0x1dd000 (1953792) 130c.1f0c: Resource Dir: 0x1c7000 LB 0x530 130c.1f0c: ProductName: Microsoft® Windows® Operating System 130c.1f0c: ProductVersion: 10.0.10240.16384 130c.1f0c: FileVersion: 10.0.10240.16384 (th1.150709-1700) 130c.1f0c: FileDescription: Windows NT BASE API Client DLL 130c.1f0c: \SystemRoot\System32\apisetschema.dll: 130c.1f0c: CreationTime: 2015-07-10T11:00:04.872098600Z 130c.1f0c: LastWriteTime: 2015-07-10T11:00:04.872098600Z 130c.1f0c: ChangeTime: 2015-08-21T03:35:07.893781700Z 130c.1f0c: FileAttributes: 0x20 130c.1f0c: Size: 0x16760 130c.1f0c: NT Headers: 0xc8 130c.1f0c: Timestamp: 0x559f3e3d 130c.1f0c: Machine: 0x8664 - amd64 130c.1f0c: Timestamp: 0x559f3e3d 130c.1f0c: Image Version: 10.0 130c.1f0c: SizeOfImage: 0x17000 (94208) 130c.1f0c: Resource Dir: 0x16000 LB 0x3f0 130c.1f0c: ProductName: Microsoft® Windows® Operating System 130c.1f0c: ProductVersion: 10.0.10240.16384 130c.1f0c: FileVersion: 10.0.10240.16384 (th1.150709-1700) 130c.1f0c: FileDescription: ApiSet Schema DLL 130c.1f0c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 130c.1f0c: supR3HardenedWinFindAdversaries: 0x0 130c.1f0c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 130c.1f0c: Calling main() 130c.1f0c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 130c.1f0c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 130c.1f0c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 130c.1f0c: SUPR3HardenedMain: Final process, opening VBoxDrv... 130c.1f0c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a80000 LB 0x400000) 130c.1f0c: supR3HardNtEnableThreadCreation: 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac91f0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3cb0000 LB 0x0009d000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0f50000 LB 0x00011000 C:\Windows\system32\MSASN1.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1000000 LB 0x001c1000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad4000000 LB 0x00126000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0fa0000 LB 0x00054000 C:\Windows\system32\Wintrust.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\system32\Wintrust.dll' 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0e30000 LB 0x00028000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0e30000 'C:\Windows\system32\bcrypt.dll' 130c.1f0c: bcrypt.dll loaded at 00007ffad0e30000, BCryptOpenAlgorithmProvider at 00007ffad0e34a00, preloading providers: 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0cc0000 LB 0x0006b000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0cc0000 'C:\Windows\system32\bcryptprimitives.dll' 130c.1f0c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000e8a730) 130c.1f0c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000e8adf0) 130c.1f0c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000e8b0c0) 130c.1f0c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000e8b420) 130c.1f0c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000e8bf40) 130c.1f0c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000e8c250) 130c.1f0c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000e8c560) 130c.1f0c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000e8c830) 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0460000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad00b0000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad05d0000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\kernel32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\CRYPT32.dll' 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3400000 LB 0x0001c000 C:\Windows\system32\imagehlp.dll [fFlags=0x0] 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad31f0000 LB 0x0005b000 C:\Windows\system32\sechost.dll [fFlags=0x0] 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacf520000 LB 0x00023000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0f80000 LB 0x00013000 C:\Windows\system32\profapi.dll [fFlags=0x0] 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\Wldap32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Wldap32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1bb0000 LB 0x0005b000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac2630000 LB 0x0002f000 C:\Windows\system32\cryptnet.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\System32\cryptnet.dll' 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad37d0000 LB 0x000a6000 C:\Windows\system32\advapi32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=311B4CDD9B998ED36E8EA94DCB004D809301CC36 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4000000 'C:\Windows\system32\rpcrt4.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_555_for_KB3081455~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll' 130c.1f0c: g_pfnWinVerifyTrust=00007ffad0fa8890 130c.1f0c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume4\Windows\System32\Wldap32.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E30C00BB3189B639214835B4F4C320DEC5BFA77 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\Wldap32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\Wldap32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000370 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997BB270A09A76A71A9EE8A7ADB154F3D75EEF3 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x6fae3debd474d000 CN=ZackWorkWin10 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 130c.1f0c: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, ST=Washington, L=Renton, O=Parallels, Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, CN=Parallels, Inc. 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xcd5e8f6875d9ad00 CN=DESKTOP-C0JAJ7K 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 130c.1f0c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=35 130c.1f0c: SUPR3HardenedMain: Load Runtime... 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 0000000069750000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00000000696b0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1ba0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad4130000 LB 0x00069000 C:\Windows\system32\WS2_32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaa5090000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rescheduled] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\system32\Wintrust.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: SUPR3HardenedMain: Load TrustedMain... 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857477BEC0F0F69A9C4898B3680E207E94733C3F 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_329_for_KB3081444~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F0CC8DA0E67C8C01864C0783FA867C4BDCE0AAA 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3480000 LB 0x0014e000 C:\Windows\system32\USER32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3640000 LB 0x00186000 C:\Windows\system32\GDI32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8bc0000 LB 0x00008000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab7ca0000 LB 0x000f6000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab7da0000 LB 0x0002e000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8160000 LB 0x00128000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad41a0000 LB 0x0027c000 C:\Windows\system32\combase.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3df0000 LB 0x00141000 C:\Windows\system32\ole32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00000000693d0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1ae0000 LB 0x000b3000 C:\Windows\system32\shcore.dll [fFlags=0x0] 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'combase.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3d90000 LB 0x00051000 C:\Windows\system32\shlwapi.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac4560000 LB 0x000aa000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\COMCTL32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0f70000 LB 0x0000f000 C:\Windows\system32\kernel.appcore.dll [fFlags=0x0] 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0f00000 LB 0x0004a000 C:\Windows\system32\powrprof.dll [fFlags=0x0] 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad11d0000 LB 0x00628000 C:\Windows\system32\windows.storage.dll [fFlags=0x0] 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'profapi.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1cc0000 LB 0x01522000 C:\Windows\system32\SHELL32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3a70000 LB 0x000d7000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3f40000 LB 0x000be000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3b50000 LB 0x0015c000 C:\Windows\system32\MSCTF.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3d50000 LB 0x00036000 C:\Windows\system32\IMM32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1800000 LB 0x00044000 C:\Windows\system32\cfgmgr32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0ba0000 LB 0x00027000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacec30000 LB 0x0002c000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacec90000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacae00000 LB 0x00084000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 0000000068950000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00000000692c0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 0000000068870000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaa45d0000 LB 0x00ab9000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rescheduled] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'. 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'. 130c.1f0c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust] 130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'. 130c.1f0c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3d50000 'C:\Windows\system32\imm32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa45d0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 130c.1f0c: SUPR3HardenedMain: Calling TrustedMain (00007ffaa45d10d0)... 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006a4 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3717D376EF95470D8C03AD02F97C4DCBCE269CF8 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB3097617~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaceee0000 LB 0x00096000 C:\Windows\system32\uxtheme.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007fface0a0000 LB 0x00022000 C:\Windows\system32\dwmapi.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume4\Windows\System32\dwmapi.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71451274041047D99462EA805D3FAD1A9E10F86D 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_138_for_KB3097617~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\kernel32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3480000 'C:\Windows\system32\user32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3480000 'C:\Windows\system32\user32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad37d0000 'C:\Windows\system32\advapi32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad01a0000 LB 0x0001f000 C:\Windows\system32\userenv.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad01a0000 'C:\Windows\system32\userenv.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\kernel32.dll' 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1c10000 LB 0x000a5000 C:\Windows\system32\clbcatq.dll [fFlags=0x0] 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'. 130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'. 130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. 130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll) WinVerifyTrust 130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008] 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\psapi.dll) WinVerifyTrust 130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\psapi.dll 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll 130c.2260: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.2260: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll 130c.2260: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll 130c.2260: supR3HardenedDllNotificationCallback: load 00007ffad3a60000 LB 0x00008000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0] 130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\psapi.dll 130c.2260: supR3HardenedDllNotificationCallback: load 00007ffacf500000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0] 130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll 130c.2260: supR3HardenedDllNotificationCallback: load 00007ffaa3ff0000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll 130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa3ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll 130c.2260: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\System32\oleaut32.dll' 130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sxs.dll) 130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sxs.dll 130c.2260: supR3HardenedDllNotificationCallback: load 00007ffad0d30000 LB 0x00098000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0] 130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sxs.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sxs.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\system32\OLEAUT32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3640000 'C:\Windows\system32\gdi32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3480000 'C:\Windows\system32\user32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b68 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=030BB80F5AC7982FF01AB351589D64E6D4167B3E 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd2d1.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume4\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb0 pwszName=\Device\HarddiskVolume4\Windows\System32\d2d1.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA1A7323788F698339FF353F1BA100EF7C556D74 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\d2d1.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d2d1.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d2d1.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d2d1.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac5e50000 LB 0x00545000 C:\Windows\system32\d2d1.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d2d1.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacdd50000 LB 0x0009c000 C:\Windows\system32\dxgi.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacddf0000 LB 0x002a3000 C:\Windows\system32\d3d11.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007fface760000 LB 0x000d1000 C:\Windows\system32\dcomp.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffabc800000 LB 0x00046000 C:\Windows\system32\dataexchange.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabc800000 'C:\Windows\system32\dataexchange.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'userenv.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcrypt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacefa0000 LB 0x000ee000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3b50000 'C:\Windows\system32\MSCTF.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [redir] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4560000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\SYSTEM32\WINMM.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32/uxtheme.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007fface160000 LB 0x00183000 C:\Windows\system32\propsys.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface160000 'C:\Windows\system32\propsys.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Windows.Storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad11d0000 'C:\Windows\system32\Windows.Storage.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad11d0000 'C:\Windows\system32\windows.storage.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac02e0000 LB 0x00274000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacac00000 LB 0x001b2000 C:\Windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\System32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\System32\shell32.dll' 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaced60000 LB 0x00078000 C:\Windows\SYSTEM32\apphelp.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e1c pwszName=\Device\HarddiskVolume4\Windows\System32\apphelp.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=54A8D49732D327F780234E47407FD91AB77B632A 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\apphelp.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\apphelp.dll' 130c.1f0c: \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 0b f4 b7 b3 5e f7 a4 6b ab 0b 7c 99 e9 03 00 00) 130c.1f0c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll) 130c.1f0c: Error (rc=0): 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll 130c.1f0c: Error (rc=0): 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 130c.1f0c: Error (rc=0): 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll 130c.1f0c: Error (rc=0): 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 130c.1f0c: Error (rc=0): 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll 130c.1f0c: Error (rc=0): 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 130c.1f0c: Error (rc=0): 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll 130c.1f0c: Error (rc=0): 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust] 130c.1f0c: Error (rc=0): 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll 130c.1f0c: Error (rc=0): 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d20 pwszName=\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71E11A131CDF3E69651FC99A41A71D0B0DE9672D 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-drivers~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comctl32.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3890000 LB 0x001c5000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8be0000 LB 0x00037000 C:\Windows\System32\EhStorShell.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8be0000 'C:\Windows\System32\EhStorShell.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8be0000 'C:\Windows\System32\EhStorShell.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e04 pwszName=\Device\HarddiskVolume4\Windows\System32\cscui.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E64571B9529C5C26824687EDDD20704860318470 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OfflineFiles-UI-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\cscui.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'propsys.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cscdll.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cscui.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cscui.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cscdll.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cscdll.dll' -> '\Device\HarddiskVolume4\Windows\System32\cscdll.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e08 pwszName=\Device\HarddiskVolume4\Windows\System32\cscdll.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF8F6BC6D7190460FA0E3467AE0519E1B041C365 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\cscdll.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cscdll.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cscdll.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscui.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscdll.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8bd0000 LB 0x0000d000 C:\Windows\System32\CSCDLL.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscdll.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8030000 LB 0x000c4000 C:\Windows\System32\cscui.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8030000 'C:\Windows\System32\cscui.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscui.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8030000 'C:\Windows\System32\cscui.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shell32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'mpr.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcrt.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacfe20000 LB 0x0001c000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab7fd0000 LB 0x00052000 C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab7fd0000 'C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume4\Windows\System32\mssprxy.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=246789B7D75DFAD08D941EC92596C38786199961 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_218_for_KB3081444~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\mssprxy.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mssprxy.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mssprxy.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mssprxy.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mssprxy.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab83d0000 LB 0x00023000 C:\Windows\system32\mssprxy.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mssprxy.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab83d0000 'C:\Windows\system32\mssprxy.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\System32\shell32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d2c pwszName=\Device\HarddiskVolume4\Windows\System32\thumbcache.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1DBC107C40D287802EBE6D2F04AED2B6BC21C52 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\thumbcache.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shcore.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\thumbcache.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\thumbcache.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\thumbcache.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8f80000 LB 0x0004b000 C:\Windows\System32\thumbcache.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\thumbcache.dll 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8f80000 'C:\Windows\System32\thumbcache.dll' 130c.1f0c: '\Device\HarddiskVolume4\Windows\System32\imageres.dll' has no imports 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\imageres.dll) 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imageres.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\imageres.dll [avoiding WinVerifyTrust] 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ebc pwszName=\Device\HarddiskVolume4\Windows\System32\imageres.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4623A580B03375E478409EF57299A63413828324 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\imageres.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imageres.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3df0000 'C:\Windows\system32\ole32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\system32\OLEAUT32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb8 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA7BAB6C49E4A06208A6E0EE146D0A4385100231 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c58 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8589CB867869E61D2D0DD902D9F24828D41B3FB4 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaca3c0000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaca450000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1900000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca450000 'C:\Windows\system32\wbem\wbemprox.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f04 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F55A40FEDA5AB0854F7A2A7AE88B827B3F76303B 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac9980000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9980000 'C:\Windows\system32\wbem\wbemsvc.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1900000 'api-ms-win-core-localization-l1-2-0.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1900000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f08 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E360AD530F1A62ACF9003C6FE3BA6BBD7638D488 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll' 130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust 130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll 130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac9e20000 LB 0x000f8000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0] 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9e20000 'C:\Windows\system32\wbem\fastprox.dll' 130c.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 130c.2150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust 130c.2150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] 130c.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 130c.2150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust 130c.2150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 130c.2150: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.2150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.2150: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll 130c.2150: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll 130c.2150: supR3HardenedDllNotificationCallback: load 0000000068760000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0] 130c.2150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll 130c.2150: supR3HardenedDllNotificationCallback: load 00007ffaa5e70000 LB 0x00293000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] 130c.2150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll 130c.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5e70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust] 130c.1794: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008] 130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\netio.sys 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys' 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume4\Windows\System32\ci.dll' [rcNtRedir=0xc0150008] 130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ci.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ci.dll) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ci.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume4\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008] 130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kdcom.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kdcom.dll) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kdcom.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume4\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008] 130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume4\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008] 130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\PSHED.DLL'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\PSHED.DLL) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\PSHED.DLL 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\hal.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\hal.dll) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\hal.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008] 130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008] 130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume4\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\PSHED.DLL [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume4\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kdcom.dll [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\hal.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\PSHED.DLL' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kdcom.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ci.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cbc pwszName=\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=695CB5D234E33829E3320DD8DE835DE7D1459933 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_379_for_KB3097617~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'ws2_32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'netsetupapi.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'setupapi.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac8750000 LB 0x0001d000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac8770000 LB 0x00063000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac8770000 'C:\Windows\System32\NetSetupShim.dll' 130c.1e90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 130c.1e90: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust 130c.1e90: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 130c.1e90: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll 130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1e90: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1e90: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 130c.1e90: supR3HardenedDllNotificationCallback: load 00007ffad09d0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] 130c.1e90: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 130c.1e90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad09d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' 130c.13e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.13e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.13e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 130c.13e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 130c.13e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust 130c.13e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 130c.13e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll 130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.13e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.13e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 130c.13e0: supR3HardenedDllNotificationCallback: load 00007ffac91e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] 130c.13e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 130c.13e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' 130c.acc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 130c.acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 130c.acc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust 130c.acc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 130c.acc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll 130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.acc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.acc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 130c.acc: supR3HardenedDllNotificationCallback: load 00007ffac8c30000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] 130c.acc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 130c.acc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac8c30000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' 130c.1450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.1450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 130c.1450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 130c.1450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust 130c.1450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1450: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1450: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 130c.1450: supR3HardenedDllNotificationCallback: load 00007ffac0960000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] 130c.1450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 130c.1450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac0960000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32/Shell32.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] 130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume4\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001114 pwszName=\Device\HarddiskVolume4\Windows\System32\newdev.dll 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=793D99A2656EF7BC8AE3D3DA54E1A198969B9F96 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\newdev.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'uxtheme.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'cfgmgr32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'setupapi.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\newdev.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\newdev.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust] 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\devrtl.dll) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devrtl.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac9830000 LB 0x00013000 C:\Windows\SYSTEM32\devrtl.DLL [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll [avoiding WinVerifyTrust] 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaa9d90000 LB 0x00058000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaa9cb0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaa7a50000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacc710000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust] 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacc720000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaa3700000 LB 0x008e2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa3700000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001164 pwszName=\Device\HarddiskVolume4\Windows\System32\devrtl.dll 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4E1A7D70D0B4F04066620172BA9B8A3CADF2EF6 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\devrtl.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devrtl.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa3ff0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7a50000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.544: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 130c.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 130c.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 130c.544: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust 130c.544: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 130c.544: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll 130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 130c.544: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.544: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 130c.544: supR3HardenedDllNotificationCallback: load 00007ffac0950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] 130c.544: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 130c.544: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac0950000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000120c pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7FF2119E435E404AD007FD65DA8D286C1635ACA6 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaa7320000 LB 0x0009c000 C:\Windows\system32\dsound.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7320000 'C:\Windows\system32\dsound.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7320000 'C:\Windows\system32/dsound.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [redoing WinVerifyTrust] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaca580000 LB 0x00072000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca580000 'C:\Windows\System32\MMDevApi.dll' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca580000 'C:\Windows\system32\MMDEVAPI.DLL' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001278 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83143779FC4D27950BF3BCBCD430201AA21D5678 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac9aa0000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac9a90000 LB 0x0000b000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacf6e0000 LB 0x00041000 C:\Windows\system32\wdmaud.drv [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll) 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaca600000 LB 0x00131000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust] 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac2570000 LB 0x00085000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2570000 'C:\Windows\system32\AUDIOSES.DLL' 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fe8 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EAA362874D7E19DE11B8B4782838AD2981FC207 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacf6c0000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacf980000 LB 0x0000c000 C:\Windows\system32\msacm32.drv [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012cc pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96AFFE7289EA0FE318F97A9F3C88DF66DCB2B4F6 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll' 130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'. 130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust 130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll 130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacf970000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0] 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7320000 'C:\Windows\System32\dsound.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll' 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll' 130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll 130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32/kernel32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\system32\OLEAUT32.DLL' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3b50000 'C:\Windows\system32\msctf.dll' 130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3b50000 'C:\Windows\system32\msctf.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll' 130c.544: supR3HardenedDllNotificationCallback: Unload 00007ffac0950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0] 130c.1450: supR3HardenedDllNotificationCallback: Unload 00007ffac0960000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0] 130c.acc: supR3HardenedDllNotificationCallback: Unload 00007ffac8c30000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0] 130c.13e0: supR3HardenedDllNotificationCallback: Unload 00007ffac91e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0] 130c.1e90: supR3HardenedDllNotificationCallback: Unload 00007ffad09d0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0] 130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa3700000 LB 0x008e2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0] 130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa9cb0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0] 130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa9d90000 LB 0x00058000 C:\Windows\SYSTEM32\newdev.dll [flags=0x0] 130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffac9830000 LB 0x00013000 C:\Windows\SYSTEM32\devrtl.DLL [flags=0x0] 130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa7a50000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0] 130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffacc720000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [flags=0x0] 130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffacc710000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [flags=0x0] 130c.1f0c: Terminating the normal way: rcExit=0 17d4.18f8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 55329 ms, the end); 1e00.2090: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 55722 ms, the end);