a70.1c88: Log file opened: 5.0.4r102546 g_hStartupLog=0000000000000120 g_uNtVerCombined=0xa0280000 a70.1c88: \SystemRoot\System32\ntdll.dll: a70.1c88: CreationTime: 2015-09-25T20:05:35.147044800Z a70.1c88: LastWriteTime: 2015-08-08T07:29:58.168349600Z a70.1c88: ChangeTime: 2015-09-25T20:22:15.663609100Z a70.1c88: FileAttributes: 0x20 a70.1c88: Size: 0x1bce48 a70.1c88: NT Headers: 0xd8 a70.1c88: Timestamp: 0x55c59f92 a70.1c88: Machine: 0x8664 - amd64 a70.1c88: Timestamp: 0x55c59f92 a70.1c88: Image Version: 10.0 a70.1c88: SizeOfImage: 0x1c1000 (1839104) a70.1c88: Resource Dir: 0x15a000 LB 0x65718 a70.1c88: ProductName: Microsoft® Windows® Operating System a70.1c88: ProductVersion: 10.0.10240.16430 a70.1c88: FileVersion: 10.0.10240.16430 (th1.150807-2049) a70.1c88: FileDescription: NT Layer DLL a70.1c88: \SystemRoot\System32\kernel32.dll: a70.1c88: CreationTime: 2015-07-10T10:59:59.699781600Z a70.1c88: LastWriteTime: 2015-07-10T10:59:59.699781600Z a70.1c88: ChangeTime: 2015-09-25T07:06:16.935797300Z a70.1c88: FileAttributes: 0x20 a70.1c88: Size: 0xab830 a70.1c88: NT Headers: 0xf0 a70.1c88: Timestamp: 0x559f38ad a70.1c88: Machine: 0x8664 - amd64 a70.1c88: Timestamp: 0x559f38ad a70.1c88: Image Version: 10.0 a70.1c88: SizeOfImage: 0xad000 (708608) a70.1c88: Resource Dir: 0xab000 LB 0x518 a70.1c88: ProductName: Microsoft® Windows® Operating System a70.1c88: ProductVersion: 10.0.10240.16384 a70.1c88: FileVersion: 10.0.10240.16384 (th1.150709-1700) a70.1c88: FileDescription: Windows NT BASE API Client DLL a70.1c88: \SystemRoot\System32\KernelBase.dll: a70.1c88: CreationTime: 2015-07-10T11:00:10.325689700Z a70.1c88: LastWriteTime: 2015-07-10T11:00:10.325689700Z a70.1c88: ChangeTime: 2015-09-25T07:06:16.998301400Z a70.1c88: FileAttributes: 0x20 a70.1c88: Size: 0x1dc680 a70.1c88: NT Headers: 0x100 a70.1c88: Timestamp: 0x559f38c3 a70.1c88: Machine: 0x8664 - amd64 a70.1c88: Timestamp: 0x559f38c3 a70.1c88: Image Version: 10.0 a70.1c88: SizeOfImage: 0x1dd000 (1953792) a70.1c88: Resource Dir: 0x1c7000 LB 0x530 a70.1c88: ProductName: Microsoft® Windows® Operating System a70.1c88: ProductVersion: 10.0.10240.16384 a70.1c88: FileVersion: 10.0.10240.16384 (th1.150709-1700) a70.1c88: FileDescription: Windows NT BASE API Client DLL a70.1c88: \SystemRoot\System32\apisetschema.dll: a70.1c88: CreationTime: 2015-07-10T11:00:04.872098600Z a70.1c88: LastWriteTime: 2015-07-10T11:00:04.872098600Z a70.1c88: ChangeTime: 2015-09-25T07:06:14.701298100Z a70.1c88: FileAttributes: 0x20 a70.1c88: Size: 0x16760 a70.1c88: NT Headers: 0xc8 a70.1c88: Timestamp: 0x559f3e3d a70.1c88: Machine: 0x8664 - amd64 a70.1c88: Timestamp: 0x559f3e3d a70.1c88: Image Version: 10.0 a70.1c88: SizeOfImage: 0x17000 (94208) a70.1c88: Resource Dir: 0x16000 LB 0x3f0 a70.1c88: ProductName: Microsoft® Windows® Operating System a70.1c88: ProductVersion: 10.0.10240.16384 a70.1c88: FileVersion: 10.0.10240.16384 (th1.150709-1700) a70.1c88: FileDescription: ApiSet Schema DLL a70.1c88: NtOpenDirectoryObject failed on \Driver: 0xc0000022 a70.1c88: supR3HardenedWinFindAdversaries: 0x100 a70.1c88: \SystemRoot\System32\drivers\avgrkx64.sys: a70.1c88: CreationTime: 2015-03-20T10:18:18.000000000Z a70.1c88: LastWriteTime: 2015-03-20T10:18:18.000000000Z a70.1c88: ChangeTime: 2015-09-25T06:34:23.860789900Z a70.1c88: FileAttributes: 0x20 a70.1c88: Size: 0x9fe0 a70.1c88: NT Headers: 0xe8 a70.1c88: Timestamp: 0x550bf3e7 a70.1c88: Machine: 0x8664 - amd64 a70.1c88: Timestamp: 0x550bf3e7 a70.1c88: Image Version: 6.2 a70.1c88: SizeOfImage: 0xa000 (40960) a70.1c88: Resource Dir: 0x9000 LB 0x510 a70.1c88: ProductName: AVG Internet Security a70.1c88: ProductVersion: 15.0.0.5908 a70.1c88: FileVersion: 15.0.0.5908 a70.1c88: SpecialBuild: AvCompile_2015_0320_111532(5908), SVNRev 18c4578e1c294cb8006a179b834157155925d4af (release/SmallUpdate2015-04_beta), av a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER a70.1c88: FileDescription: AVG Anti-Rootkit Driver a70.1c88: \SystemRoot\System32\drivers\avgmfx64.sys: a70.1c88: CreationTime: 2015-08-04T09:32:32.000000000Z a70.1c88: LastWriteTime: 2015-08-04T09:32:32.000000000Z a70.1c88: ChangeTime: 2015-09-25T06:34:25.407743600Z a70.1c88: FileAttributes: 0x20 a70.1c88: Size: 0x3d3b0 a70.1c88: NT Headers: 0xe0 a70.1c88: Timestamp: 0x55c086ac a70.1c88: Machine: 0x8664 - amd64 a70.1c88: Timestamp: 0x55c086ac a70.1c88: Image Version: 6.2 a70.1c88: SizeOfImage: 0x3e000 (253952) a70.1c88: Resource Dir: 0x3c000 LB 0x52c a70.1c88: ProductName: AVG Internet Security a70.1c88: ProductVersion: 15.0.0.6132 a70.1c88: FileVersion: 15.0.0.6132 a70.1c88: SpecialBuild: AvCompile_2015_0804_112815(6132), SVNRev cbac1c769cb9b6888db1f1065b4133bf3c9ce40f (release/SmallUpdate2015-08_beta), av a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER a70.1c88: FileDescription: AVG Resident Shield Minifilter Driver a70.1c88: \SystemRoot\System32\drivers\avgidsdrivera.sys: a70.1c88: CreationTime: 2015-08-19T09:52:30.000000000Z a70.1c88: LastWriteTime: 2015-08-19T09:52:30.000000000Z a70.1c88: ChangeTime: 2015-09-25T06:34:26.104269300Z a70.1c88: FileAttributes: 0x20 a70.1c88: Size: 0x4c7b0 a70.1c88: NT Headers: 0xe8 a70.1c88: Timestamp: 0x55d451da a70.1c88: Machine: 0x8664 - amd64 a70.1c88: Timestamp: 0x55d451da a70.1c88: Image Version: 6.2 a70.1c88: SizeOfImage: 0x53000 (339968) a70.1c88: Resource Dir: 0x51000 LB 0x554 a70.1c88: ProductName: AVG Internet Security a70.1c88: ProductVersion: 15.0.0.6137 a70.1c88: FileVersion: 15.0.0.6137 a70.1c88: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER a70.1c88: FileDescription: AVG IDS Application Activity Monitor Driver. a70.1c88: \SystemRoot\System32\drivers\avgidsha.sys: a70.1c88: CreationTime: 2015-08-19T09:53:56.000000000Z a70.1c88: LastWriteTime: 2015-08-19T09:53:56.000000000Z a70.1c88: ChangeTime: 2015-09-25T06:34:26.026140600Z a70.1c88: FileAttributes: 0x20 a70.1c88: Size: 0x48bb0 a70.1c88: NT Headers: 0xd8 a70.1c88: Timestamp: 0x55d45230 a70.1c88: Machine: 0x8664 - amd64 a70.1c88: Timestamp: 0x55d45230 a70.1c88: Image Version: 6.2 a70.1c88: SizeOfImage: 0x49000 (299008) a70.1c88: Resource Dir: 0x47000 LB 0x548 a70.1c88: ProductName: AVG Internet Security a70.1c88: ProductVersion: 15.0.0.6137 a70.1c88: FileVersion: 15.0.0.6137 a70.1c88: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER a70.1c88: FileDescription: AVG Application Activity Monitor Helper Driver a70.1c88: \SystemRoot\System32\drivers\avgloga.sys: a70.1c88: CreationTime: 2015-05-07T11:50:22.000000000Z a70.1c88: LastWriteTime: 2015-05-07T11:50:22.000000000Z a70.1c88: ChangeTime: 2015-09-25T06:34:23.767034300Z a70.1c88: FileAttributes: 0x20 a70.1c88: Size: 0x5c5e0 a70.1c88: NT Headers: 0xf0 a70.1c88: Timestamp: 0x554b5179 a70.1c88: Machine: 0x8664 - amd64 a70.1c88: Timestamp: 0x554b5179 a70.1c88: Image Version: 6.2 a70.1c88: SizeOfImage: 0x5b000 (372736) a70.1c88: Resource Dir: 0x59000 LB 0x4ec a70.1c88: ProductName: AVG Internet Security a70.1c88: ProductVersion: 15.0.0.5957 a70.1c88: FileVersion: 15.0.0.5957 a70.1c88: SpecialBuild: AvCompile_2015_0507_134328(5957), SVNRev bcddc515e1405c8e35481b16de334020e451ec3e (release/HotFix2015-05), av a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER a70.1c88: FileDescription: AVG Logging Driver a70.1c88: \SystemRoot\System32\drivers\avgldx64.sys: a70.1c88: CreationTime: 2015-06-16T13:55:04.000000000Z a70.1c88: LastWriteTime: 2015-06-16T13:55:04.000000000Z a70.1c88: ChangeTime: 2015-09-25T06:34:23.970170200Z a70.1c88: FileAttributes: 0x20 a70.1c88: Size: 0x3f3e0 a70.1c88: NT Headers: 0xe0 a70.1c88: Timestamp: 0x55802aaf a70.1c88: Machine: 0x8664 - amd64 a70.1c88: Timestamp: 0x55802aaf a70.1c88: Image Version: 6.2 a70.1c88: SizeOfImage: 0x42000 (270336) a70.1c88: Resource Dir: 0x40000 LB 0x50c a70.1c88: ProductName: AVG Internet Security a70.1c88: ProductVersion: 15.0.0.6055 a70.1c88: FileVersion: 15.0.0.6055 a70.1c88: SpecialBuild: AvCompile_2015_0616_154836(6055), SVNRev 309d50c06d2885375935ac1c0a79cdb255cb7045 (release/SmallUpdate2015-06_beta), av a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER a70.1c88: FileDescription: AVG AVI Loader Driver a70.1c88: \SystemRoot\System32\drivers\avgdiska.sys: a70.1c88: CreationTime: 2015-03-11T10:16:06.000000000Z a70.1c88: LastWriteTime: 2015-03-11T10:16:06.000000000Z a70.1c88: ChangeTime: 2015-09-25T06:34:26.307403800Z a70.1c88: FileAttributes: 0x20 a70.1c88: Size: 0x27be0 a70.1c88: NT Headers: 0xe0 a70.1c88: Timestamp: 0x550015e3 a70.1c88: Machine: 0x8664 - amd64 a70.1c88: Timestamp: 0x550015e3 a70.1c88: Image Version: 6.2 a70.1c88: SizeOfImage: 0x29000 (167936) a70.1c88: Resource Dir: 0x27000 LB 0x4e0 a70.1c88: ProductName: AVG Internet Security a70.1c88: ProductVersion: 15.0.0.5902 a70.1c88: FileVersion: 15.0.0.5902 a70.1c88: SpecialBuild: AvCompile_2015_0311_110513(5902), SVNRev d57888a6d0541615b2b2c643813a0b67abc3acba (av/devel), av a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER a70.1c88: FileDescription: AVG File Vault Driver a70.1c88: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' a70.1c88: Calling main() a70.1c88: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 a70.1c88: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' a70.1c88: SUPR3HardenedMain: Respawn #1 a70.1c88: System32: \Device\HarddiskVolume5\Windows\System32 a70.1c88: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS a70.1c88: KnownDllPath: C:\WINDOWS\system32 a70.1c88: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports a70.1c88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) a70.1c88: supR3HardNtEnableThreadCreation: a70.1c88: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc43ecfb70 pvNtTerminateThread=00007ffc43ef3a20 a70.1c88: supR3HardenedWinDoReSpawn(1): New child 26dc.3020 [kernel32]. a70.1c88: supR3HardNtChildGatherData: PebBaseAddress=00007ff654adb000 cbPeb=0x388 a70.1c88: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc43e60000 uNtDllChildAddr=00007ffc43e60000 a70.1c88: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc43ecfb70 a70.1c88: supR3HardenedWinSetupChildInit: Start child. a70.1c88: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. a70.1c88: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps a70.1c88: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION a70.1c88: *0000000000000000-ffffffffff34ffff 0x0001/0x0000 0x0000000 a70.1c88: *0000000000cb0000-0000000000c8ffff 0x0004/0x0004 0x0020000 a70.1c88: *0000000000cd0000-0000000000cbbfff 0x0002/0x0002 0x0040000 a70.1c88: 0000000000ce4000-0000000000cd7fff 0x0001/0x0000 0x0000000 a70.1c88: *0000000000cf0000-0000000000bf3fff 0x0000/0x0004 0x0020000 a70.1c88: 0000000000dec000-0000000000de8fff 0x0104/0x0004 0x0020000 a70.1c88: 0000000000def000-0000000000dedfff 0x0004/0x0004 0x0020000 a70.1c88: *0000000000df0000-0000000000debfff 0x0002/0x0002 0x0040000 a70.1c88: 0000000000df4000-0000000000de7fff 0x0001/0x0000 0x0000000 a70.1c88: *0000000000e00000-0000000000dfdfff 0x0004/0x0004 0x0020000 a70.1c88: 0000000000e02000-ffffffff81c23fff 0x0001/0x0000 0x0000000 a70.1c88: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 a70.1c88: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 a70.1c88: 000000007fff0000-ffff800aab52ffff 0x0001/0x0000 0x0000000 a70.1c88: *00007ff654ab0000-00007ff654a8cfff 0x0002/0x0002 0x0040000 a70.1c88: 00007ff654ad3000-00007ff654acafff 0x0001/0x0000 0x0000000 a70.1c88: *00007ff654adb000-00007ff654ad9fff 0x0004/0x0004 0x0020000 a70.1c88: 00007ff654adc000-00007ff654ad9fff 0x0001/0x0000 0x0000000 a70.1c88: *00007ff654ade000-00007ff654adbfff 0x0004/0x0004 0x0020000 a70.1c88: 00007ff654ae0000-00007ff653bcffff 0x0001/0x0000 0x0000000 a70.1c88: *00007ff6559f0000-00007ff6559f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe a70.1c88: 00007ff6559f1000-00007ff655a77fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe a70.1c88: 00007ff655a78000-00007ff655a78fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe a70.1c88: 00007ff655a79000-00007ff655ac3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe a70.1c88: 00007ff655ac4000-00007ff655ac4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe a70.1c88: 00007ff655ac5000-00007ff655ac5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe a70.1c88: 00007ff655ac6000-00007ff655acafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe a70.1c88: 00007ff655acb000-00007ff655acbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe a70.1c88: 00007ff655acc000-00007ff655accfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe a70.1c88: 00007ff655acd000-00007ff655ad0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe a70.1c88: 00007ff655ad1000-00007ff655b1bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe a70.1c88: 00007ff655b1c000-00007ff0677d7fff 0x0001/0x0000 0x0000000 a70.1c88: *00007ffc43e60000-00007ffc43e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll a70.1c88: 00007ffc43e61000-00007ffc43f5cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll a70.1c88: 00007ffc43f5d000-00007ffc43f9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll a70.1c88: 00007ffc43f9f000-00007ffc43fa7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll a70.1c88: 00007ffc43fa8000-00007ffc43fb5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll a70.1c88: 00007ffc43fb6000-00007ffc43fb6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll a70.1c88: 00007ffc43fb7000-00007ffc43fb9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll a70.1c88: 00007ffc43fba000-00007ffc44020fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll a70.1c88: 00007ffc44021000-00007ff888061fff 0x0001/0x0000 0x0000000 a70.1c88: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 a70.1c88: VirtualBox.exe: timestamp 0x55eeaed7 (rc=VINF_SUCCESS) a70.1c88: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports a70.1c88: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports a70.1c88: supR3HardNtChildPurify: Done after 625 ms and 0 fixes (loop #0). 26dc.3020: Log file opened: 5.0.4r102546 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000 a70.1c88: supR3HardNtEnableThreadCreation: 26dc.3020: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc43e60000 26dc.3020: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS) 26dc.3020: New simple heap: #1 0000000000f10000 LB 0x400000 (for 1839104 allocation) 26dc.3020: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 26dc.3020: System32: \Device\HarddiskVolume5\Windows\System32 26dc.3020: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 26dc.3020: KnownDllPath: C:\WINDOWS\system32 26dc.3020: supR3HardenedVmProcessInit: Opening vboxdrv stub... 26dc.3020: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 26dc.3020: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 26dc.3020: Registered Dll notification callback with NTDLL. 26dc.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 26dc.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll 26dc.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 26dc.3020: supR3HardenedDllNotificationCallback: load 00007ffc3ffe0000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 26dc.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 26dc.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 26dc.3020: supR3HardenedDllNotificationCallback: load 00007ffc426a0000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 26dc.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 26dc.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\KERNEL32.DLL' 26dc.3020: supR3HardenedDllNotificationCallback: load 00007ff6559f0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 26dc.3020: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 26dc.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 26dc.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc43ecfb70 pvNtTerminateThread=00007ffc43ef3a20 a70.1c88: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 282 ms. 26dc.3020: \SystemRoot\System32\ntdll.dll: 26dc.3020: CreationTime: 2015-09-25T20:05:35.147044800Z 26dc.3020: LastWriteTime: 2015-08-08T07:29:58.168349600Z 26dc.3020: ChangeTime: 2015-09-25T20:22:15.663609100Z 26dc.3020: FileAttributes: 0x20 26dc.3020: Size: 0x1bce48 26dc.3020: NT Headers: 0xd8 26dc.3020: Timestamp: 0x55c59f92 26dc.3020: Machine: 0x8664 - amd64 26dc.3020: Timestamp: 0x55c59f92 26dc.3020: Image Version: 10.0 26dc.3020: SizeOfImage: 0x1c1000 (1839104) 26dc.3020: Resource Dir: 0x15a000 LB 0x65718 26dc.3020: ProductName: Microsoft® Windows® Operating System 26dc.3020: ProductVersion: 10.0.10240.16430 26dc.3020: FileVersion: 10.0.10240.16430 (th1.150807-2049) 26dc.3020: FileDescription: NT Layer DLL 26dc.3020: \SystemRoot\System32\kernel32.dll: 26dc.3020: CreationTime: 2015-07-10T10:59:59.699781600Z 26dc.3020: LastWriteTime: 2015-07-10T10:59:59.699781600Z 26dc.3020: ChangeTime: 2015-09-25T07:06:16.935797300Z 26dc.3020: FileAttributes: 0x20 26dc.3020: Size: 0xab830 26dc.3020: NT Headers: 0xf0 26dc.3020: Timestamp: 0x559f38ad 26dc.3020: Machine: 0x8664 - amd64 26dc.3020: Timestamp: 0x559f38ad 26dc.3020: Image Version: 10.0 26dc.3020: SizeOfImage: 0xad000 (708608) 26dc.3020: Resource Dir: 0xab000 LB 0x518 26dc.3020: ProductName: Microsoft® Windows® Operating System 26dc.3020: ProductVersion: 10.0.10240.16384 26dc.3020: FileVersion: 10.0.10240.16384 (th1.150709-1700) 26dc.3020: FileDescription: Windows NT BASE API Client DLL 26dc.3020: \SystemRoot\System32\KernelBase.dll: 26dc.3020: CreationTime: 2015-07-10T11:00:10.325689700Z 26dc.3020: LastWriteTime: 2015-07-10T11:00:10.325689700Z 26dc.3020: ChangeTime: 2015-09-25T07:06:16.998301400Z 26dc.3020: FileAttributes: 0x20 26dc.3020: Size: 0x1dc680 26dc.3020: NT Headers: 0x100 26dc.3020: Timestamp: 0x559f38c3 26dc.3020: Machine: 0x8664 - amd64 26dc.3020: Timestamp: 0x559f38c3 26dc.3020: Image Version: 10.0 26dc.3020: SizeOfImage: 0x1dd000 (1953792) 26dc.3020: Resource Dir: 0x1c7000 LB 0x530 26dc.3020: ProductName: Microsoft® Windows® Operating System 26dc.3020: ProductVersion: 10.0.10240.16384 26dc.3020: FileVersion: 10.0.10240.16384 (th1.150709-1700) 26dc.3020: FileDescription: Windows NT BASE API Client DLL 26dc.3020: \SystemRoot\System32\apisetschema.dll: 26dc.3020: CreationTime: 2015-07-10T11:00:04.872098600Z 26dc.3020: LastWriteTime: 2015-07-10T11:00:04.872098600Z 26dc.3020: ChangeTime: 2015-09-25T07:06:14.701298100Z 26dc.3020: FileAttributes: 0x20 26dc.3020: Size: 0x16760 26dc.3020: NT Headers: 0xc8 26dc.3020: Timestamp: 0x559f3e3d 26dc.3020: Machine: 0x8664 - amd64 26dc.3020: Timestamp: 0x559f3e3d 26dc.3020: Image Version: 10.0 26dc.3020: SizeOfImage: 0x17000 (94208) 26dc.3020: Resource Dir: 0x16000 LB 0x3f0 26dc.3020: ProductName: Microsoft® Windows® Operating System 26dc.3020: ProductVersion: 10.0.10240.16384 26dc.3020: FileVersion: 10.0.10240.16384 (th1.150709-1700) 26dc.3020: FileDescription: ApiSet Schema DLL 26dc.3020: NtOpenDirectoryObject failed on \Driver: 0xc0000022 26dc.3020: supR3HardenedWinFindAdversaries: 0x100 26dc.3020: \SystemRoot\System32\drivers\avgrkx64.sys: 26dc.3020: CreationTime: 2015-03-20T10:18:18.000000000Z 26dc.3020: LastWriteTime: 2015-03-20T10:18:18.000000000Z 26dc.3020: ChangeTime: 2015-09-25T06:34:23.860789900Z 26dc.3020: FileAttributes: 0x20 26dc.3020: Size: 0x9fe0 26dc.3020: NT Headers: 0xe8 26dc.3020: Timestamp: 0x550bf3e7 26dc.3020: Machine: 0x8664 - amd64 26dc.3020: Timestamp: 0x550bf3e7 26dc.3020: Image Version: 6.2 26dc.3020: SizeOfImage: 0xa000 (40960) 26dc.3020: Resource Dir: 0x9000 LB 0x510 26dc.3020: ProductName: AVG Internet Security 26dc.3020: ProductVersion: 15.0.0.5908 26dc.3020: FileVersion: 15.0.0.5908 26dc.3020: SpecialBuild: AvCompile_2015_0320_111532(5908), SVNRev 18c4578e1c294cb8006a179b834157155925d4af (release/SmallUpdate2015-04_beta), av 26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER 26dc.3020: FileDescription: AVG Anti-Rootkit Driver 26dc.3020: \SystemRoot\System32\drivers\avgmfx64.sys: 26dc.3020: CreationTime: 2015-08-04T09:32:32.000000000Z 26dc.3020: LastWriteTime: 2015-08-04T09:32:32.000000000Z 26dc.3020: ChangeTime: 2015-09-25T06:34:25.407743600Z 26dc.3020: FileAttributes: 0x20 26dc.3020: Size: 0x3d3b0 26dc.3020: NT Headers: 0xe0 26dc.3020: Timestamp: 0x55c086ac 26dc.3020: Machine: 0x8664 - amd64 26dc.3020: Timestamp: 0x55c086ac 26dc.3020: Image Version: 6.2 26dc.3020: SizeOfImage: 0x3e000 (253952) 26dc.3020: Resource Dir: 0x3c000 LB 0x52c 26dc.3020: ProductName: AVG Internet Security 26dc.3020: ProductVersion: 15.0.0.6132 26dc.3020: FileVersion: 15.0.0.6132 26dc.3020: SpecialBuild: AvCompile_2015_0804_112815(6132), SVNRev cbac1c769cb9b6888db1f1065b4133bf3c9ce40f (release/SmallUpdate2015-08_beta), av 26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER 26dc.3020: FileDescription: AVG Resident Shield Minifilter Driver 26dc.3020: \SystemRoot\System32\drivers\avgidsdrivera.sys: 26dc.3020: CreationTime: 2015-08-19T09:52:30.000000000Z 26dc.3020: LastWriteTime: 2015-08-19T09:52:30.000000000Z 26dc.3020: ChangeTime: 2015-09-25T06:34:26.104269300Z 26dc.3020: FileAttributes: 0x20 26dc.3020: Size: 0x4c7b0 26dc.3020: NT Headers: 0xe8 26dc.3020: Timestamp: 0x55d451da 26dc.3020: Machine: 0x8664 - amd64 26dc.3020: Timestamp: 0x55d451da 26dc.3020: Image Version: 6.2 26dc.3020: SizeOfImage: 0x53000 (339968) 26dc.3020: Resource Dir: 0x51000 LB 0x554 26dc.3020: ProductName: AVG Internet Security 26dc.3020: ProductVersion: 15.0.0.6137 26dc.3020: FileVersion: 15.0.0.6137 26dc.3020: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av 26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER 26dc.3020: FileDescription: AVG IDS Application Activity Monitor Driver. 26dc.3020: \SystemRoot\System32\drivers\avgidsha.sys: 26dc.3020: CreationTime: 2015-08-19T09:53:56.000000000Z 26dc.3020: LastWriteTime: 2015-08-19T09:53:56.000000000Z 26dc.3020: ChangeTime: 2015-09-25T06:34:26.026140600Z 26dc.3020: FileAttributes: 0x20 26dc.3020: Size: 0x48bb0 26dc.3020: NT Headers: 0xd8 26dc.3020: Timestamp: 0x55d45230 26dc.3020: Machine: 0x8664 - amd64 26dc.3020: Timestamp: 0x55d45230 26dc.3020: Image Version: 6.2 26dc.3020: SizeOfImage: 0x49000 (299008) 26dc.3020: Resource Dir: 0x47000 LB 0x548 26dc.3020: ProductName: AVG Internet Security 26dc.3020: ProductVersion: 15.0.0.6137 26dc.3020: FileVersion: 15.0.0.6137 26dc.3020: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av 26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER 26dc.3020: FileDescription: AVG Application Activity Monitor Helper Driver 26dc.3020: \SystemRoot\System32\drivers\avgloga.sys: 26dc.3020: CreationTime: 2015-05-07T11:50:22.000000000Z 26dc.3020: LastWriteTime: 2015-05-07T11:50:22.000000000Z 26dc.3020: ChangeTime: 2015-09-25T06:34:23.767034300Z 26dc.3020: FileAttributes: 0x20 26dc.3020: Size: 0x5c5e0 26dc.3020: NT Headers: 0xf0 26dc.3020: Timestamp: 0x554b5179 26dc.3020: Machine: 0x8664 - amd64 26dc.3020: Timestamp: 0x554b5179 26dc.3020: Image Version: 6.2 26dc.3020: SizeOfImage: 0x5b000 (372736) 26dc.3020: Resource Dir: 0x59000 LB 0x4ec 26dc.3020: ProductName: AVG Internet Security 26dc.3020: ProductVersion: 15.0.0.5957 26dc.3020: FileVersion: 15.0.0.5957 26dc.3020: SpecialBuild: AvCompile_2015_0507_134328(5957), SVNRev bcddc515e1405c8e35481b16de334020e451ec3e (release/HotFix2015-05), av 26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER 26dc.3020: FileDescription: AVG Logging Driver 26dc.3020: \SystemRoot\System32\drivers\avgldx64.sys: 26dc.3020: CreationTime: 2015-06-16T13:55:04.000000000Z 26dc.3020: LastWriteTime: 2015-06-16T13:55:04.000000000Z 26dc.3020: ChangeTime: 2015-09-25T06:34:23.970170200Z 26dc.3020: FileAttributes: 0x20 26dc.3020: Size: 0x3f3e0 26dc.3020: NT Headers: 0xe0 26dc.3020: Timestamp: 0x55802aaf 26dc.3020: Machine: 0x8664 - amd64 26dc.3020: Timestamp: 0x55802aaf 26dc.3020: Image Version: 6.2 26dc.3020: SizeOfImage: 0x42000 (270336) 26dc.3020: Resource Dir: 0x40000 LB 0x50c 26dc.3020: ProductName: AVG Internet Security 26dc.3020: ProductVersion: 15.0.0.6055 26dc.3020: FileVersion: 15.0.0.6055 26dc.3020: SpecialBuild: AvCompile_2015_0616_154836(6055), SVNRev 309d50c06d2885375935ac1c0a79cdb255cb7045 (release/SmallUpdate2015-06_beta), av 26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER 26dc.3020: FileDescription: AVG AVI Loader Driver 26dc.3020: \SystemRoot\System32\drivers\avgdiska.sys: 26dc.3020: CreationTime: 2015-03-11T10:16:06.000000000Z 26dc.3020: LastWriteTime: 2015-03-11T10:16:06.000000000Z 26dc.3020: ChangeTime: 2015-09-25T06:34:26.307403800Z 26dc.3020: FileAttributes: 0x20 26dc.3020: Size: 0x27be0 26dc.3020: NT Headers: 0xe0 26dc.3020: Timestamp: 0x550015e3 26dc.3020: Machine: 0x8664 - amd64 26dc.3020: Timestamp: 0x550015e3 26dc.3020: Image Version: 6.2 26dc.3020: SizeOfImage: 0x29000 (167936) 26dc.3020: Resource Dir: 0x27000 LB 0x4e0 26dc.3020: ProductName: AVG Internet Security 26dc.3020: ProductVersion: 15.0.0.5902 26dc.3020: FileVersion: 15.0.0.5902 26dc.3020: SpecialBuild: AvCompile_2015_0311_110513(5902), SVNRev d57888a6d0541615b2b2c643813a0b67abc3acba (av/devel), av 26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER 26dc.3020: FileDescription: AVG File Vault Driver 26dc.3020: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 26dc.3020: Calling main() 26dc.3020: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 26dc.3020: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 26dc.3020: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 26dc.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 26dc.3020: SUPR3HardenedMain: Respawn #2 26dc.3020: supR3HardNtEnableThreadCreation: 26dc.3020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\apphelp.dll) 26dc.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\apphelp.dll 26dc.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 26dc.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 26dc.3020: supR3HardenedDllNotificationCallback: load 00007ffc3dc30000 LB 0x00078000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0] 26dc.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 26dc.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dc30000 'C:\WINDOWS\system32\apphelp.dll' 26dc.3020: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc43ecfb70 pvNtTerminateThread=00007ffc43ef3a20 26dc.3020: supR3HardenedWinDoReSpawn(2): New child 2498.2eb4 [kernel32]. 26dc.3020: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 26dc.3020: supR3HardNtChildGatherData: PebBaseAddress=00007ff654acf000 cbPeb=0x388 26dc.3020: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc43e60000 uNtDllChildAddr=00007ffc43e60000 26dc.3020: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc43ecfb70 26dc.3020: supR3HardenedWinSetupChildInit: Start child. 26dc.3020: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 26dc.3020: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps 26dc.3020: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 26dc.3020: *0000000000000000-ffffffffff47ffff 0x0001/0x0000 0x0000000 26dc.3020: *0000000000b80000-0000000000b5ffff 0x0004/0x0004 0x0020000 26dc.3020: *0000000000ba0000-0000000000b8bfff 0x0002/0x0002 0x0040000 26dc.3020: 0000000000bb4000-0000000000ba7fff 0x0001/0x0000 0x0000000 26dc.3020: *0000000000bc0000-0000000000ac3fff 0x0000/0x0004 0x0020000 26dc.3020: 0000000000cbc000-0000000000cb8fff 0x0104/0x0004 0x0020000 26dc.3020: 0000000000cbf000-0000000000cbdfff 0x0004/0x0004 0x0020000 26dc.3020: *0000000000cc0000-0000000000cbbfff 0x0002/0x0002 0x0040000 26dc.3020: 0000000000cc4000-0000000000cb7fff 0x0001/0x0000 0x0000000 26dc.3020: *0000000000cd0000-0000000000ccdfff 0x0004/0x0004 0x0020000 26dc.3020: 0000000000cd2000-ffffffff819c3fff 0x0001/0x0000 0x0000000 26dc.3020: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 26dc.3020: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 26dc.3020: 000000007fff0000-ffff800aab53ffff 0x0001/0x0000 0x0000000 26dc.3020: *00007ff654aa0000-00007ff654a7cfff 0x0002/0x0002 0x0040000 26dc.3020: 00007ff654ac3000-00007ff654ab8fff 0x0001/0x0000 0x0000000 26dc.3020: *00007ff654acd000-00007ff654acafff 0x0004/0x0004 0x0020000 26dc.3020: *00007ff654acf000-00007ff654acdfff 0x0004/0x0004 0x0020000 26dc.3020: 00007ff654ad0000-00007ff653baffff 0x0001/0x0000 0x0000000 26dc.3020: *00007ff6559f0000-00007ff6559f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: 00007ff6559f1000-00007ff655a77fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: 00007ff655a78000-00007ff655a78fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: 00007ff655a79000-00007ff655ac3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: 00007ff655ac4000-00007ff655ac4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: 00007ff655ac5000-00007ff655ac5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: 00007ff655ac6000-00007ff655acafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: 00007ff655acb000-00007ff655acbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: 00007ff655acc000-00007ff655accfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: 00007ff655acd000-00007ff655ad0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: 00007ff655ad1000-00007ff655b1bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 26dc.3020: 00007ff655b1c000-00007ff0677d7fff 0x0001/0x0000 0x0000000 26dc.3020: *00007ffc43e60000-00007ffc43e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 26dc.3020: 00007ffc43e61000-00007ffc43f5cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 26dc.3020: 00007ffc43f5d000-00007ffc43f9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 26dc.3020: 00007ffc43f9f000-00007ffc43fa7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 26dc.3020: 00007ffc43fa8000-00007ffc43fb5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 26dc.3020: 00007ffc43fb6000-00007ffc43fb6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 26dc.3020: 00007ffc43fb7000-00007ffc43fb9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 26dc.3020: 00007ffc43fba000-00007ffc44020fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 26dc.3020: 00007ffc44021000-00007ff888061fff 0x0001/0x0000 0x0000000 26dc.3020: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 26dc.3020: VirtualBox.exe: timestamp 0x55eeaed7 (rc=VINF_SUCCESS) 26dc.3020: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 26dc.3020: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 26dc.3020: supR3HardNtChildPurify: Done after 625 ms and 0 fixes (loop #0). 2498.2eb4: Log file opened: 5.0.4r102546 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000 2498.2eb4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc43e60000 26dc.3020: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f10000 LB 0x400000) 26dc.3020: supR3HardNtEnableThreadCreation: 2498.2eb4: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS) 2498.2eb4: New simple heap: #1 0000000000de0000 LB 0x400000 (for 1839104 allocation) 2498.2eb4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 2498.2eb4: System32: \Device\HarddiskVolume5\Windows\System32 2498.2eb4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 2498.2eb4: KnownDllPath: C:\WINDOWS\system32 2498.2eb4: supR3HardenedVmProcessInit: Opening vboxdrv... 2498.2eb4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 2498.2eb4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 2498.2eb4: Registered Dll notification callback with NTDLL. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3ffe0000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc426a0000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\KERNEL32.DLL' 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ff6559f0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 2498.2eb4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 2498.2eb4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc43ecfb70 pvNtTerminateThread=00007ffc43ef3a20 26dc.3020: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 313 ms. 2498.2eb4: \SystemRoot\System32\ntdll.dll: 2498.2eb4: CreationTime: 2015-09-25T20:05:35.147044800Z 2498.2eb4: LastWriteTime: 2015-08-08T07:29:58.168349600Z 2498.2eb4: ChangeTime: 2015-09-25T20:22:15.663609100Z 2498.2eb4: FileAttributes: 0x20 2498.2eb4: Size: 0x1bce48 2498.2eb4: NT Headers: 0xd8 2498.2eb4: Timestamp: 0x55c59f92 2498.2eb4: Machine: 0x8664 - amd64 2498.2eb4: Timestamp: 0x55c59f92 2498.2eb4: Image Version: 10.0 2498.2eb4: SizeOfImage: 0x1c1000 (1839104) 2498.2eb4: Resource Dir: 0x15a000 LB 0x65718 2498.2eb4: ProductName: Microsoft® Windows® Operating System 2498.2eb4: ProductVersion: 10.0.10240.16430 2498.2eb4: FileVersion: 10.0.10240.16430 (th1.150807-2049) 2498.2eb4: FileDescription: NT Layer DLL 2498.2eb4: \SystemRoot\System32\kernel32.dll: 2498.2eb4: CreationTime: 2015-07-10T10:59:59.699781600Z 2498.2eb4: LastWriteTime: 2015-07-10T10:59:59.699781600Z 2498.2eb4: ChangeTime: 2015-09-25T07:06:16.935797300Z 2498.2eb4: FileAttributes: 0x20 2498.2eb4: Size: 0xab830 2498.2eb4: NT Headers: 0xf0 2498.2eb4: Timestamp: 0x559f38ad 2498.2eb4: Machine: 0x8664 - amd64 2498.2eb4: Timestamp: 0x559f38ad 2498.2eb4: Image Version: 10.0 2498.2eb4: SizeOfImage: 0xad000 (708608) 2498.2eb4: Resource Dir: 0xab000 LB 0x518 2498.2eb4: ProductName: Microsoft® Windows® Operating System 2498.2eb4: ProductVersion: 10.0.10240.16384 2498.2eb4: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2498.2eb4: FileDescription: Windows NT BASE API Client DLL 2498.2eb4: \SystemRoot\System32\KernelBase.dll: 2498.2eb4: CreationTime: 2015-07-10T11:00:10.325689700Z 2498.2eb4: LastWriteTime: 2015-07-10T11:00:10.325689700Z 2498.2eb4: ChangeTime: 2015-09-25T07:06:16.998301400Z 2498.2eb4: FileAttributes: 0x20 2498.2eb4: Size: 0x1dc680 2498.2eb4: NT Headers: 0x100 2498.2eb4: Timestamp: 0x559f38c3 2498.2eb4: Machine: 0x8664 - amd64 2498.2eb4: Timestamp: 0x559f38c3 2498.2eb4: Image Version: 10.0 2498.2eb4: SizeOfImage: 0x1dd000 (1953792) 2498.2eb4: Resource Dir: 0x1c7000 LB 0x530 2498.2eb4: ProductName: Microsoft® Windows® Operating System 2498.2eb4: ProductVersion: 10.0.10240.16384 2498.2eb4: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2498.2eb4: FileDescription: Windows NT BASE API Client DLL 2498.2eb4: \SystemRoot\System32\apisetschema.dll: 2498.2eb4: CreationTime: 2015-07-10T11:00:04.872098600Z 2498.2eb4: LastWriteTime: 2015-07-10T11:00:04.872098600Z 2498.2eb4: ChangeTime: 2015-09-25T07:06:14.701298100Z 2498.2eb4: FileAttributes: 0x20 2498.2eb4: Size: 0x16760 2498.2eb4: NT Headers: 0xc8 2498.2eb4: Timestamp: 0x559f3e3d 2498.2eb4: Machine: 0x8664 - amd64 2498.2eb4: Timestamp: 0x559f3e3d 2498.2eb4: Image Version: 10.0 2498.2eb4: SizeOfImage: 0x17000 (94208) 2498.2eb4: Resource Dir: 0x16000 LB 0x3f0 2498.2eb4: ProductName: Microsoft® Windows® Operating System 2498.2eb4: ProductVersion: 10.0.10240.16384 2498.2eb4: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2498.2eb4: FileDescription: ApiSet Schema DLL 2498.2eb4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2498.2eb4: supR3HardenedWinFindAdversaries: 0x100 2498.2eb4: \SystemRoot\System32\drivers\avgrkx64.sys: 2498.2eb4: CreationTime: 2015-03-20T10:18:18.000000000Z 2498.2eb4: LastWriteTime: 2015-03-20T10:18:18.000000000Z 2498.2eb4: ChangeTime: 2015-09-25T06:34:23.860789900Z 2498.2eb4: FileAttributes: 0x20 2498.2eb4: Size: 0x9fe0 2498.2eb4: NT Headers: 0xe8 2498.2eb4: Timestamp: 0x550bf3e7 2498.2eb4: Machine: 0x8664 - amd64 2498.2eb4: Timestamp: 0x550bf3e7 2498.2eb4: Image Version: 6.2 2498.2eb4: SizeOfImage: 0xa000 (40960) 2498.2eb4: Resource Dir: 0x9000 LB 0x510 2498.2eb4: ProductName: AVG Internet Security 2498.2eb4: ProductVersion: 15.0.0.5908 2498.2eb4: FileVersion: 15.0.0.5908 2498.2eb4: SpecialBuild: AvCompile_2015_0320_111532(5908), SVNRev 18c4578e1c294cb8006a179b834157155925d4af (release/SmallUpdate2015-04_beta), av 2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER 2498.2eb4: FileDescription: AVG Anti-Rootkit Driver 2498.2eb4: \SystemRoot\System32\drivers\avgmfx64.sys: 2498.2eb4: CreationTime: 2015-08-04T09:32:32.000000000Z 2498.2eb4: LastWriteTime: 2015-08-04T09:32:32.000000000Z 2498.2eb4: ChangeTime: 2015-09-25T06:34:25.407743600Z 2498.2eb4: FileAttributes: 0x20 2498.2eb4: Size: 0x3d3b0 2498.2eb4: NT Headers: 0xe0 2498.2eb4: Timestamp: 0x55c086ac 2498.2eb4: Machine: 0x8664 - amd64 2498.2eb4: Timestamp: 0x55c086ac 2498.2eb4: Image Version: 6.2 2498.2eb4: SizeOfImage: 0x3e000 (253952) 2498.2eb4: Resource Dir: 0x3c000 LB 0x52c 2498.2eb4: ProductName: AVG Internet Security 2498.2eb4: ProductVersion: 15.0.0.6132 2498.2eb4: FileVersion: 15.0.0.6132 2498.2eb4: SpecialBuild: AvCompile_2015_0804_112815(6132), SVNRev cbac1c769cb9b6888db1f1065b4133bf3c9ce40f (release/SmallUpdate2015-08_beta), av 2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER 2498.2eb4: FileDescription: AVG Resident Shield Minifilter Driver 2498.2eb4: \SystemRoot\System32\drivers\avgidsdrivera.sys: 2498.2eb4: CreationTime: 2015-08-19T09:52:30.000000000Z 2498.2eb4: LastWriteTime: 2015-08-19T09:52:30.000000000Z 2498.2eb4: ChangeTime: 2015-09-25T06:34:26.104269300Z 2498.2eb4: FileAttributes: 0x20 2498.2eb4: Size: 0x4c7b0 2498.2eb4: NT Headers: 0xe8 2498.2eb4: Timestamp: 0x55d451da 2498.2eb4: Machine: 0x8664 - amd64 2498.2eb4: Timestamp: 0x55d451da 2498.2eb4: Image Version: 6.2 2498.2eb4: SizeOfImage: 0x53000 (339968) 2498.2eb4: Resource Dir: 0x51000 LB 0x554 2498.2eb4: ProductName: AVG Internet Security 2498.2eb4: ProductVersion: 15.0.0.6137 2498.2eb4: FileVersion: 15.0.0.6137 2498.2eb4: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av 2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER 2498.2eb4: FileDescription: AVG IDS Application Activity Monitor Driver. 2498.2eb4: \SystemRoot\System32\drivers\avgidsha.sys: 2498.2eb4: CreationTime: 2015-08-19T09:53:56.000000000Z 2498.2eb4: LastWriteTime: 2015-08-19T09:53:56.000000000Z 2498.2eb4: ChangeTime: 2015-09-25T06:34:26.026140600Z 2498.2eb4: FileAttributes: 0x20 2498.2eb4: Size: 0x48bb0 2498.2eb4: NT Headers: 0xd8 2498.2eb4: Timestamp: 0x55d45230 2498.2eb4: Machine: 0x8664 - amd64 2498.2eb4: Timestamp: 0x55d45230 2498.2eb4: Image Version: 6.2 2498.2eb4: SizeOfImage: 0x49000 (299008) 2498.2eb4: Resource Dir: 0x47000 LB 0x548 2498.2eb4: ProductName: AVG Internet Security 2498.2eb4: ProductVersion: 15.0.0.6137 2498.2eb4: FileVersion: 15.0.0.6137 2498.2eb4: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av 2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER 2498.2eb4: FileDescription: AVG Application Activity Monitor Helper Driver 2498.2eb4: \SystemRoot\System32\drivers\avgloga.sys: 2498.2eb4: CreationTime: 2015-05-07T11:50:22.000000000Z 2498.2eb4: LastWriteTime: 2015-05-07T11:50:22.000000000Z 2498.2eb4: ChangeTime: 2015-09-25T06:34:23.767034300Z 2498.2eb4: FileAttributes: 0x20 2498.2eb4: Size: 0x5c5e0 2498.2eb4: NT Headers: 0xf0 2498.2eb4: Timestamp: 0x554b5179 2498.2eb4: Machine: 0x8664 - amd64 2498.2eb4: Timestamp: 0x554b5179 2498.2eb4: Image Version: 6.2 2498.2eb4: SizeOfImage: 0x5b000 (372736) 2498.2eb4: Resource Dir: 0x59000 LB 0x4ec 2498.2eb4: ProductName: AVG Internet Security 2498.2eb4: ProductVersion: 15.0.0.5957 2498.2eb4: FileVersion: 15.0.0.5957 2498.2eb4: SpecialBuild: AvCompile_2015_0507_134328(5957), SVNRev bcddc515e1405c8e35481b16de334020e451ec3e (release/HotFix2015-05), av 2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER 2498.2eb4: FileDescription: AVG Logging Driver 2498.2eb4: \SystemRoot\System32\drivers\avgldx64.sys: 2498.2eb4: CreationTime: 2015-06-16T13:55:04.000000000Z 2498.2eb4: LastWriteTime: 2015-06-16T13:55:04.000000000Z 2498.2eb4: ChangeTime: 2015-09-25T06:34:23.970170200Z 2498.2eb4: FileAttributes: 0x20 2498.2eb4: Size: 0x3f3e0 2498.2eb4: NT Headers: 0xe0 2498.2eb4: Timestamp: 0x55802aaf 2498.2eb4: Machine: 0x8664 - amd64 2498.2eb4: Timestamp: 0x55802aaf 2498.2eb4: Image Version: 6.2 2498.2eb4: SizeOfImage: 0x42000 (270336) 2498.2eb4: Resource Dir: 0x40000 LB 0x50c 2498.2eb4: ProductName: AVG Internet Security 2498.2eb4: ProductVersion: 15.0.0.6055 2498.2eb4: FileVersion: 15.0.0.6055 2498.2eb4: SpecialBuild: AvCompile_2015_0616_154836(6055), SVNRev 309d50c06d2885375935ac1c0a79cdb255cb7045 (release/SmallUpdate2015-06_beta), av 2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER 2498.2eb4: FileDescription: AVG AVI Loader Driver 2498.2eb4: \SystemRoot\System32\drivers\avgdiska.sys: 2498.2eb4: CreationTime: 2015-03-11T10:16:06.000000000Z 2498.2eb4: LastWriteTime: 2015-03-11T10:16:06.000000000Z 2498.2eb4: ChangeTime: 2015-09-25T06:34:26.307403800Z 2498.2eb4: FileAttributes: 0x20 2498.2eb4: Size: 0x27be0 2498.2eb4: NT Headers: 0xe0 2498.2eb4: Timestamp: 0x550015e3 2498.2eb4: Machine: 0x8664 - amd64 2498.2eb4: Timestamp: 0x550015e3 2498.2eb4: Image Version: 6.2 2498.2eb4: SizeOfImage: 0x29000 (167936) 2498.2eb4: Resource Dir: 0x27000 LB 0x4e0 2498.2eb4: ProductName: AVG Internet Security 2498.2eb4: ProductVersion: 15.0.0.5902 2498.2eb4: FileVersion: 15.0.0.5902 2498.2eb4: SpecialBuild: AvCompile_2015_0311_110513(5902), SVNRev d57888a6d0541615b2b2c643813a0b67abc3acba (av/devel), av 2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER 2498.2eb4: FileDescription: AVG File Vault Driver 2498.2eb4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 2498.2eb4: Calling main() 2498.2eb4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 2498.2eb4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 2498.2eb4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 2498.2eb4: SUPR3HardenedMain: Final process, opening VBoxDrv... 2498.2eb4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000de0000 LB 0x400000) 2498.2eb4: supR3HardNtEnableThreadCreation: 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc341c0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wintrust.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wintrust.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\crypt32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\crypt32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msasn1.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msasn1.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc41fc0000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f600000 LB 0x00011000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3fe10000 LB 0x001c1000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc41e90000 LB 0x00126000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc401c0000 LB 0x00054000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\WINDOWS\system32\Wintrust.dll' 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f4b0000 LB 0x00028000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f4b0000 'C:\WINDOWS\system32\bcrypt.dll' 2498.2eb4: bcrypt.dll loaded at 00007ffc3f4b0000, BCryptOpenAlgorithmProvider at 00007ffc3f4b4a00, preloading providers: 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f3a0000 LB 0x0006b000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f3a0000 'C:\WINDOWS\system32\bcryptprimitives.dll' 2498.2eb4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001279a40) 2498.2eb4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000127a100) 2498.2eb4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000127a3d0) 2498.2eb4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000127a730) 2498.2eb4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000127b250) 2498.2eb4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000127b560) 2498.2eb4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000127b870) 2498.2eb4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000127bb40) 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptsp.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptsp.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3ee20000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rsaenh.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rsaenh.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3ea00000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptbase.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptbase.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3ef90000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\kernel32.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\CRYPT32.dll' 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc403d0000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0] 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imagehlp.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imagehlp.dll 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42640000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0] 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gpapi.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gpapi.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3e4a0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f580000 LB 0x00013000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0] 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\profapi.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\profapi.dll 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\cryptnet.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptnet.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume5\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\Wldap32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\Wldap32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42a80000 LB 0x0005b000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc267b0000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\Windows\System32\cryptnet.dll' 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc40520000 LB 0x000a6000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=311B4CDD9B998ED36E8EA94DCB004D809301CC36 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41e90000 'C:\WINDOWS\system32\rpcrt4.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_555_for_KB3081455~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll' 2498.2eb4: g_pfnWinVerifyTrust=00007ffc401c8890 2498.2eb4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' 2498.2eb4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\wintrust.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume5\Windows\System32\Wldap32.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E30C00BB3189B639214835B4F4C320DEC5BFA77 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\Wldap32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\Wldap32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume5\Windows\System32\cryptnet.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997BB270A09A76A71A9EE8A7ADB154F3D75EEF3 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\cryptnet.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptnet.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\profapi.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gpapi.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sechost.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imagehlp.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptbase.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptsp.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\KernelBase.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel32.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x987869d3679da00 CN=ClockworkMod 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x5fc0d803a95dc700 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x9b24d19bd616cb00 CN=localhost, O=Skype Click to Call, OU=Skype Click to Call 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2262f09375bd00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 2498.2eb4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=54 2498.2eb4: SUPR3HardenedMain: Load Runtime... 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\nsi.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\nsi.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\nsi.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 0000000058b90000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 0000000058af0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc40610000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc403f0000 LB 0x00069000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc11e00000 LB 0x0054b000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\nsi.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rescheduled] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\WINDOWS\system32\Wintrust.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: SUPR3HardenedMain: Load TrustedMain... 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmm.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmm.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c8 pwszName=\Device\HarddiskVolume5\Windows\System32\comdlg32.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857477BEC0F0F69A9C4898B3680E207E94733C3F 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmmbase.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmmbase.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\devobj.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\devobj.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devobj.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_207_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comdlg32.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comdlg32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comctl32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comctl32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\user32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\opengl32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\opengl32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume5\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\ddraw.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\ddraw.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ddraw.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\glu32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\glu32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\glu32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\winspool.drv'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\winspool.drv) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winspool.drv 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imm32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imm32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\comdlg32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume5\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msctf.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msctf.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msctf.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume5\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\dciman32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\dciman32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dciman32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000450 pwszName=\Device\HarddiskVolume5\Windows\System32\opengl32.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F0CC8DA0E67C8C01864C0783FA867C4BDCE0AAA 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\opengl32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\ddraw.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\dciman32.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42340000 LB 0x0014e000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc421b0000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc28450000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\dciman32.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc28130000 LB 0x000f6000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\ddraw.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc28460000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc28230000 LB 0x00128000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42750000 LB 0x0027c000 C:\WINDOWS\system32\combase.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42060000 LB 0x00141000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 0000000058810000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3fd00000 LB 0x000b3000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0] 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'combase.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\SHCore.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\SHCore.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42490000 LB 0x00051000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc2f1a0000 LB 0x000aa000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\COMCTL32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f5f0000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0] 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f5a0000 LB 0x0004a000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0] 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\powrprof.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\powrprof.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f620000 LB 0x00629000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0] 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'profapi.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\windows.storage.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\windows.storage.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc40620000 LB 0x01522000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42560000 LB 0x000d7000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\comdlg32.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc40460000 LB 0x000be000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc41d30000 LB 0x0015c000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msctf.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc405d0000 LB 0x00036000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3fdc0000 LB 0x00044000 C:\WINDOWS\system32\cfgmgr32.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3def0000 LB 0x00027000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3dba0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3dbd0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc2ef60000 LB 0x00084000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 0000000057ea0000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00000000593d0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 0000000058e40000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc0fe20000 LB 0x00ab9000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\windows.storage.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\windows.storage.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\powrprof.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\powrprof.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\SHCore.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\SHCore.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\dciman32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dciman32.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msctf.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msctf.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\winspool.drv'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\glu32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\ddraw.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\ddraw.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\devobj.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rescheduled] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll' [rescheduled] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [redoing WinVerifyTrust] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'. 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\imm32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [redoing WinVerifyTrust] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'. 2498.2eb4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\combase.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [redoing WinVerifyTrust] 2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'. 2498.2eb4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\combase.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405d0000 'C:\WINDOWS\system32\imm32.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0fe20000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 2498.2eb4: SUPR3HardenedMain: Calling TrustedMain (00007ffc0fe21910)... 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dbd0000 'C:\WINDOWS\system32\winmm.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005fc pwszName=\Device\HarddiskVolume5\Windows\System32\uxtheme.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3717D376EF95470D8C03AD02F97C4DCBCE269CF8 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_205_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\uxtheme.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\uxtheme.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3de50000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3de50000 'C:\WINDOWS\system32\uxtheme.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000654 pwszName=\Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09FF5B072B6B78D02C4955C2161A8E11ABD90FFC 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TabletPC-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume5\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msctf.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msctf.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc2f970000 LB 0x000a2000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2f970000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll' 2498.2eb4: \Device\HarddiskVolume5\Program Files (x86)\TeamViewer\tv_x64.dll: Owner is administrators group. 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comctl32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files (x86)\TeamViewer\tv_x64.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files (x86)\TeamViewer\tv_x64.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\comctl32.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\version.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\version.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files (x86)\TeamViewer\tv_x64.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc34ac0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc267e0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files (x86)\TeamViewer\tv_x64.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267e0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40520000 'C:\WINDOWS\system32\advapi32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\dwmapi.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dwmapi.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3d090000 LB 0x00022000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006ac pwszName=\Device\HarddiskVolume5\Windows\System32\dwmapi.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71451274041047D99462EA805D3FAD1A9E10F86D 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_42_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40620000 'C:\WINDOWS\system32\shell32.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\kernel32.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3de50000 'C:\WINDOWS\system32\uxtheme.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3de50000 'C:\WINDOWS\system32\uxtheme.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42340000 'C:\WINDOWS\system32\user32.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3de50000 'C:\WINDOWS\system32\uxtheme.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42340000 'C:\WINDOWS\system32\user32.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40520000 'C:\WINDOWS\system32\advapi32.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\userenv.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\userenv.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3ecd0000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ecd0000 'C:\WINDOWS\system32\userenv.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\kernel32.dll' 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc429d0000 LB 0x000a5000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0] 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\clbcatq.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\clbcatq.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\clbcatq.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'. 2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'. 2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. 2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 2498.173c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 2498.173c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008] 2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.173c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\psapi.dll) WinVerifyTrust 2498.173c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\psapi.dll 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll 2498.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.173c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll 2498.173c: supR3HardenedDllNotificationCallback: load 00007ffc42ae0000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0] 2498.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\psapi.dll 2498.173c: supR3HardenedDllNotificationCallback: load 00007ffc26040000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 2498.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll 2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc26040000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 2498.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 2498.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40460000 'C:\Windows\System32\oleaut32.dll' 2498.173c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sxs.dll) 2498.173c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sxs.dll 2498.173c: supR3HardenedDllNotificationCallback: load 00007ffc3f410000 LB 0x00098000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0] 2498.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sxs.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sxs.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40460000 'C:\WINDOWS\system32\OLEAUT32.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc421b0000 'C:\WINDOWS\system32\gdi32.dll' 2498.1074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.1074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.1074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.1074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 2498.1074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 2498.1074: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust 2498.1074: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll 2498.1074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 2498.1074: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 2498.1074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2498.1074: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2498.1074: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.1074: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll 2498.1074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000139 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42340000 'C:\WINDOWS\system32\user32.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40620000 'C:\WINDOWS\system32\shell32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc8 pwszName=\Device\HarddiskVolume5\Windows\System32\DataExchange.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=030BB80F5AC7982FF01AB351589D64E6D4167B3E 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\DataExchange.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd2d1.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DataExchange.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DataExchange.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume5\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dcomp.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dcomp.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\d3d11.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\d3d11.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume5\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba0 pwszName=\Device\HarddiskVolume5\Windows\System32\d2d1.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA1A7323788F698339FF353F1BA100EF7C556D74 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dxgi.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dxgi.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\d2d1.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\d2d1.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\d2d1.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume5\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\SHCore.dll [redoing WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\SHCore.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DataExchange.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d2d1.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dcomp.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc36b90000 LB 0x00545000 C:\WINDOWS\system32\d2d1.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d2d1.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3caa0000 LB 0x0009c000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3cb40000 LB 0x002a3000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3d7e0000 LB 0x000d1000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dcomp.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc2b290000 LB 0x00046000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DataExchange.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2b290000 'C:\WINDOWS\system32\dataexchange.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'userenv.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcrypt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3df40000 LB 0x000ee000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\kernel32.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\WINDOWS\system32\dwmapi.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3de50000 'C:\WINDOWS\system32\uxtheme.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42340000 'C:\WINDOWS\system32\user32.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42060000 'C:\WINDOWS\system32\ole32.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40460000 'C:\WINDOWS\system32\OLEAUT32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c94 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA7BAB6C49E4A06208A6E0EE146D0A4385100231 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ca4 pwszName=\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8589CB867869E61D2D0DD902D9F24828D41B3FB4 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc371f0000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc341f0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ffe0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341f0000 'C:\WINDOWS\system32\wbem\wbemprox.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c38 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F55A40FEDA5AB0854F7A2A7AE88B827B3F76303B 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc33a10000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc33a10000 'C:\WINDOWS\system32\wbem\wbemsvc.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ffe0000 'api-ms-win-core-localization-l1-2-0.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ffe0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c44 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E360AD530F1A62ACF9003C6FE3BA6BBD7638D488 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc33d30000 LB 0x000f8000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc33d30000 'C:\WINDOWS\system32\wbem\fastprox.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d24 pwszName=\Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=16E6BFDCA13CB7F51A7C251687D263D303321EBA 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_181_for_KB3081444~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll' 2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'userenv.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll) WinVerifyTrust 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\uiautomationcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll 2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc36540000 LB 0x0014c000 C:\Windows\System32\uiautomationcore.dll [fFlags=0x0] 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36540000 'C:\Windows\System32\uiautomationcore.dll' 2498.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll 2498.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\UIAutomationCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36540000 'C:\Windows\System32\UIAutomationCore.dll' 2498.199c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 2498.199c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust 2498.199c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] 2498.199c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 2498.199c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust 2498.199c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 2498.199c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 2498.199c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.199c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll 2498.199c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll 2498.199c: supR3HardenedDllNotificationCallback: load 0000000058d30000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0] 2498.199c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll 2498.199c: supR3HardenedDllNotificationCallback: load 00007ffc11510000 LB 0x00293000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] 2498.199c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll 2498.199c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11510000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' 2498.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'. 2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'. 2498.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys) 2498.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys 2498.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust] 2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'. 2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'. 2498.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys) 2498.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys 2498.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust] 2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys) 2498.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys 2498.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust] 2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys) 2498.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys 2498.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\netio.sys 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\drivers\WppRecorder.sys'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\WppRecorder.sys) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\WppRecorder.sys 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\hal.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\hal.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\hal.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys' 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume5\Windows\System32\ci.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\ci.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ci.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ci.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume5\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\kdcom.dll'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kdcom.dll) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kdcom.dll 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume5\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume5\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008] 2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\PSHED.DLL'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\PSHED.DLL) 2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\PSHED.DLL 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\hal.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\hal.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\hal.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\hal.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume5\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\PSHED.DLL [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume5\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kdcom.dll [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\PSHED.DLL' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kdcom.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ci.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\hal.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\WppRecorder.sys' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll' 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll' 2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\SYSTEM32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\WINDOWS\SYSTEM32\dwmapi.dll' 2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\kernel32.dll' 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc33a10000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc2b290000 LB 0x00046000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc36b90000 LB 0x00545000 C:\WINDOWS\system32\d2d1.dll [flags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc3cb40000 LB 0x002a3000 C:\WINDOWS\system32\d3d11.dll [flags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc3caa0000 LB 0x0009c000 C:\WINDOWS\system32\dxgi.dll [flags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc3d7e0000 LB 0x000d1000 C:\WINDOWS\system32\dcomp.dll [flags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc3df40000 LB 0x000ee000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc33d30000 LB 0x000f8000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc341f0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc371f0000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc26040000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0] 2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc42ae0000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [flags=0x0] 2498.2eb4: Terminating the normal way: rcExit=1 26dc.3020: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 13673 ms, the end); a70.1c88: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 14720 ms, the end);