Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 20e0.1054: Log file opened: 5.0.0_BETA4r100374 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0275a00
- 20e0.1054: \SystemRoot\System32\ntdll.dll:
- 20e0.1054: CreationTime: 2015-04-25T03:16:09.483018400Z
- 20e0.1054: LastWriteTime: 2015-04-25T03:16:09.514268400Z
- 20e0.1054: ChangeTime: 2015-04-30T13:25:31.674070200Z
- 20e0.1054: FileAttributes: 0x20
- 20e0.1054: Size: 0x1ba428
- 20e0.1054: NT Headers: 0xe8
- 20e0.1054: Timestamp: 0x553ace18
- 20e0.1054: Machine: 0x8664 - amd64
- 20e0.1054: Timestamp: 0x553ace18
- 20e0.1054: Image Version: 10.0
- 20e0.1054: SizeOfImage: 0x1bd000 (1822720)
- 20e0.1054: Resource Dir: 0x157000 LB 0x64f70
- 20e0.1054: ProductName: Microsoft® Windows® Operating System
- 20e0.1054: ProductVersion: 10.0.10074.0
- 20e0.1054: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- 20e0.1054: FileDescription: NT Layer DLL
- 20e0.1054: \SystemRoot\System32\kernel32.dll:
- 20e0.1054: CreationTime: 2015-04-25T03:14:22.609869200Z
- 20e0.1054: LastWriteTime: 2015-04-25T03:14:22.609869200Z
- 20e0.1054: ChangeTime: 2015-04-30T13:25:31.486556600Z
- 20e0.1054: FileAttributes: 0x20
- 20e0.1054: Size: 0xad6e8
- 20e0.1054: NT Headers: 0xe8
- 20e0.1054: Timestamp: 0x553acf74
- 20e0.1054: Machine: 0x8664 - amd64
- 20e0.1054: Timestamp: 0x553acf74
- 20e0.1054: Image Version: 10.0
- 20e0.1054: SizeOfImage: 0xaf000 (716800)
- 20e0.1054: Resource Dir: 0xad000 LB 0x518
- 20e0.1054: ProductName: Microsoft® Windows® Operating System
- 20e0.1054: ProductVersion: 10.0.10074.0
- 20e0.1054: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- 20e0.1054: FileDescription: Windows NT BASE API Client DLL
- 20e0.1054: \SystemRoot\System32\KernelBase.dll:
- 20e0.1054: CreationTime: 2015-04-25T03:16:10.279886300Z
- 20e0.1054: LastWriteTime: 2015-04-25T03:16:10.279886300Z
- 20e0.1054: ChangeTime: 2015-04-30T13:25:31.502182700Z
- 20e0.1054: FileAttributes: 0x20
- 20e0.1054: Size: 0x1d5618
- 20e0.1054: NT Headers: 0x100
- 20e0.1054: Timestamp: 0x553acf7b
- 20e0.1054: Machine: 0x8664 - amd64
- 20e0.1054: Timestamp: 0x553acf7b
- 20e0.1054: Image Version: 10.0
- 20e0.1054: SizeOfImage: 0x1d6000 (1925120)
- 20e0.1054: Resource Dir: 0x1c0000 LB 0x530
- 20e0.1054: ProductName: Microsoft® Windows® Operating System
- 20e0.1054: ProductVersion: 10.0.10074.0
- 20e0.1054: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- 20e0.1054: FileDescription: Windows NT BASE API Client DLL
- 20e0.1054: \SystemRoot\System32\apisetschema.dll:
- 20e0.1054: CreationTime: 2015-04-25T03:15:36.780163800Z
- 20e0.1054: LastWriteTime: 2015-04-25T03:15:36.780163800Z
- 20e0.1054: ChangeTime: 2015-04-30T13:25:28.579914500Z
- 20e0.1054: FileAttributes: 0x20
- 20e0.1054: Size: 0x159e8
- 20e0.1054: NT Headers: 0xc8
- 20e0.1054: Timestamp: 0x553adc20
- 20e0.1054: Machine: 0x8664 - amd64
- 20e0.1054: Timestamp: 0x553adc20
- 20e0.1054: Image Version: 10.0
- 20e0.1054: SizeOfImage: 0x16000 (90112)
- 20e0.1054: Resource Dir: 0x15000 LB 0x3f8
- 20e0.1054: ProductName: Microsoft® Windows® Operating System
- 20e0.1054: ProductVersion: 10.0.10074.0
- 20e0.1054: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- 20e0.1054: FileDescription: ApiSet Schema DLL
- 20e0.1054: NtOpenDirectoryObject failed on \Driver: 0xc0000022
- 20e0.1054: supR3HardenedWinFindAdversaries: 0x0
- 20e0.1054: Calling main()
- 20e0.1054: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
- 20e0.1054: SUPR3HardenedMain: Respawn #1
- 20e0.1054: System32: \Device\HarddiskVolume4\Windows\System32
- 20e0.1054: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
- 20e0.1054: KnownDllPath: C:\WINDOWS\system32
- 20e0.1054: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
- 20e0.1054: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
- 20e0.1054: supR3HardNtEnableThreadCreation:
- 20e0.1054: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbdbf24140 pvNtTerminateThread=00007ffbdbf4b550
- 20e0.1054: supR3HardenedWinDoReSpawn(1): New child b48.eac [kernel32].
- 20e0.1054: supR3HardNtChildGatherData: PebBaseAddress=00007ff7b7a3c000 cbPeb=0x388
- 20e0.1054: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbdbec0000 uNtDllChildAddr=00007ffbdbec0000
- 20e0.1054: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbdbf24140
- 20e0.1054: supR3HardenedWinSetupChildInit: Start child.
- 20e0.1054: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
- 20e0.1054: supR3HardNtChildPurify: Startup delay kludge #1/0: 262 ms, 30 sleeps
- 20e0.1054: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
- 20e0.1054: *0000000000000000-ffffffffffd4ffff 0x0001/0x0000 0x0000000
- 20e0.1054: *00000000002b0000-000000000028ffff 0x0004/0x0004 0x0020000
- 20e0.1054: *00000000002d0000-00000000002bcfff 0x0002/0x0002 0x0040000
- 20e0.1054: 00000000002e3000-00000000002d5fff 0x0001/0x0000 0x0000000
- 20e0.1054: *00000000002f0000-00000000001f3fff 0x0000/0x0004 0x0020000
- 20e0.1054: 00000000003ec000-00000000003e8fff 0x0104/0x0004 0x0020000
- 20e0.1054: 00000000003ef000-00000000003edfff 0x0004/0x0004 0x0020000
- 20e0.1054: *00000000003f0000-00000000003ebfff 0x0002/0x0002 0x0040000
- 20e0.1054: 00000000003f4000-00000000003e7fff 0x0001/0x0000 0x0000000
- 20e0.1054: *0000000000400000-00000000003fdfff 0x0004/0x0004 0x0020000
- 20e0.1054: 0000000000402000-ffffffff80823fff 0x0001/0x0000 0x0000000
- 20e0.1054: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
- 20e0.1054: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
- 20e0.1054: 000000007fff0000-ffff8009485cffff 0x0001/0x0000 0x0000000
- 20e0.1054: *00007ff7b7a10000-00007ff7b79ecfff 0x0002/0x0002 0x0040000
- 20e0.1054: 00007ff7b7a33000-00007ff7b7a29fff 0x0001/0x0000 0x0000000
- 20e0.1054: *00007ff7b7a3c000-00007ff7b7a3afff 0x0004/0x0004 0x0020000
- 20e0.1054: 00007ff7b7a3d000-00007ff7b7a3bfff 0x0001/0x0000 0x0000000
- 20e0.1054: *00007ff7b7a3e000-00007ff7b7a3bfff 0x0004/0x0004 0x0020000
- 20e0.1054: 00007ff7b7a40000-00007ff7b6b2ffff 0x0001/0x0000 0x0000000
- 20e0.1054: *00007ff7b8950000-00007ff7b8950fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- 20e0.1054: 00007ff7b8951000-00007ff7b89d6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- 20e0.1054: 00007ff7b89d7000-00007ff7b89d7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- 20e0.1054: 00007ff7b89d8000-00007ff7b8a21fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- 20e0.1054: 00007ff7b8a22000-00007ff7b8a22fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- 20e0.1054: 00007ff7b8a23000-00007ff7b8a23fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- 20e0.1054: 00007ff7b8a24000-00007ff7b8a25fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- 20e0.1054: 00007ff7b8a26000-00007ff7b8a26fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- 20e0.1054: 00007ff7b8a27000-00007ff7b8a27fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- 20e0.1054: 00007ff7b8a28000-00007ff7b8a2bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- 20e0.1054: 00007ff7b8a2c000-00007ff7b8a75fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- 20e0.1054: 00007ff7b8a76000-00007ff39562bfff 0x0001/0x0000 0x0000000
- 20e0.1054: *00007ffbdbec0000-00007ffbdbec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- 20e0.1054: 00007ffbdbec1000-00007ffbdbfbbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- 20e0.1054: 00007ffbdbfbc000-00007ffbdbffcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- 20e0.1054: 00007ffbdbffd000-00007ffbdc005fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- 20e0.1054: 00007ffbdc006000-00007ffbdc012fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- 20e0.1054: 00007ffbdc013000-00007ffbdc013fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- 20e0.1054: 00007ffbdc014000-00007ffbdc016fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- 20e0.1054: 00007ffbdc017000-00007ffbdc07cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- 20e0.1054: 00007ffbdc07d000-00007ff7b8119fff 0x0001/0x0000 0x0000000
- 20e0.1054: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
- 20e0.1054: VirtualBox.exe: timestamp 0x5559f4d1 (rc=VINF_SUCCESS)
- 20e0.1054: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
- 20e0.1054: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
- 20e0.1054: supR3HardNtChildPurify: Done after 320 ms and 0 fixes (loop #0).
- b48.eac: Log file opened: 5.0.0_BETA4r100374 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0275a00
- b48.eac: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbdbec0000
- 20e0.1054: supR3HardNtEnableThreadCreation:
- b48.eac: ntdll.dll: timestamp 0x553ace18 (rc=VINF_SUCCESS)
- b48.eac: New simple heap: #1 0000000000510000 LB 0x400000 (for 1822720 allocation)
- b48.eac: System32: \Device\HarddiskVolume4\Windows\System32
- b48.eac: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
- b48.eac: KnownDllPath: C:\WINDOWS\system32
- b48.eac: supR3HardenedVmProcessInit: Opening vboxdrv stub...
- b48.eac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
- b48.eac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
- b48.eac: Registered Dll notification callback with NTDLL.
- b48.eac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
- b48.eac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
- b48.eac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
- b48.eac: supR3HardenedDllNotificationCallback: load 00007ffbd93c0000 LB 0x001d6000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
- b48.eac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
- b48.eac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
- b48.eac: supR3HardenedDllNotificationCallback: load 00007ffbdb3c0000 LB 0x000af000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
- b48.eac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
- b48.eac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdb3c0000 'C:\WINDOWS\system32\KERNEL32.DLL'
- b48.eac: supR3HardenedDllNotificationCallback: load 00007ff7b8950000 LB 0x00126000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
- b48.eac: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
- b48.eac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
- b48.eac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbdbf24140 pvNtTerminateThread=00007ffbdbf4b550
- 20e0.1054: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 62 ms.
- b48.eac: \SystemRoot\System32\ntdll.dll:
- b48.eac: CreationTime: 2015-04-25T03:16:09.483018400Z
- b48.eac: LastWriteTime: 2015-04-25T03:16:09.514268400Z
- b48.eac: ChangeTime: 2015-04-30T13:25:31.674070200Z
- b48.eac: FileAttributes: 0x20
- b48.eac: Size: 0x1ba428
- b48.eac: NT Headers: 0xe8
- b48.eac: Timestamp: 0x553ace18
- b48.eac: Machine: 0x8664 - amd64
- b48.eac: Timestamp: 0x553ace18
- b48.eac: Image Version: 10.0
- b48.eac: SizeOfImage: 0x1bd000 (1822720)
- b48.eac: Resource Dir: 0x157000 LB 0x64f70
- b48.eac: ProductName: Microsoft® Windows® Operating System
- b48.eac: ProductVersion: 10.0.10074.0
- b48.eac: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- b48.eac: FileDescription: NT Layer DLL
- b48.eac: \SystemRoot\System32\kernel32.dll:
- b48.eac: CreationTime: 2015-04-25T03:14:22.609869200Z
- b48.eac: LastWriteTime: 2015-04-25T03:14:22.609869200Z
- b48.eac: ChangeTime: 2015-04-30T13:25:31.486556600Z
- b48.eac: FileAttributes: 0x20
- b48.eac: Size: 0xad6e8
- b48.eac: NT Headers: 0xe8
- b48.eac: Timestamp: 0x553acf74
- b48.eac: Machine: 0x8664 - amd64
- b48.eac: Timestamp: 0x553acf74
- b48.eac: Image Version: 10.0
- b48.eac: SizeOfImage: 0xaf000 (716800)
- b48.eac: Resource Dir: 0xad000 LB 0x518
- b48.eac: ProductName: Microsoft® Windows® Operating System
- b48.eac: ProductVersion: 10.0.10074.0
- b48.eac: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- b48.eac: FileDescription: Windows NT BASE API Client DLL
- b48.eac: \SystemRoot\System32\KernelBase.dll:
- b48.eac: CreationTime: 2015-04-25T03:16:10.279886300Z
- b48.eac: LastWriteTime: 2015-04-25T03:16:10.279886300Z
- b48.eac: ChangeTime: 2015-04-30T13:25:31.502182700Z
- b48.eac: FileAttributes: 0x20
- b48.eac: Size: 0x1d5618
- b48.eac: NT Headers: 0x100
- b48.eac: Timestamp: 0x553acf7b
- b48.eac: Machine: 0x8664 - amd64
- b48.eac: Timestamp: 0x553acf7b
- b48.eac: Image Version: 10.0
- b48.eac: SizeOfImage: 0x1d6000 (1925120)
- b48.eac: Resource Dir: 0x1c0000 LB 0x530
- b48.eac: ProductName: Microsoft® Windows® Operating System
- b48.eac: ProductVersion: 10.0.10074.0
- b48.eac: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- b48.eac: FileDescription: Windows NT BASE API Client DLL
- b48.eac: \SystemRoot\System32\apisetschema.dll:
- b48.eac: CreationTime: 2015-04-25T03:15:36.780163800Z
- b48.eac: LastWriteTime: 2015-04-25T03:15:36.780163800Z
- b48.eac: ChangeTime: 2015-04-30T13:25:28.579914500Z
- b48.eac: FileAttributes: 0x20
- b48.eac: Size: 0x159e8
- b48.eac: NT Headers: 0xc8
- b48.eac: Timestamp: 0x553adc20
- b48.eac: Machine: 0x8664 - amd64
- b48.eac: Timestamp: 0x553adc20
- b48.eac: Image Version: 10.0
- b48.eac: SizeOfImage: 0x16000 (90112)
- b48.eac: Resource Dir: 0x15000 LB 0x3f8
- b48.eac: ProductName: Microsoft® Windows® Operating System
- b48.eac: ProductVersion: 10.0.10074.0
- b48.eac: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- b48.eac: FileDescription: ApiSet Schema DLL
- b48.eac: NtOpenDirectoryObject failed on \Driver: 0xc0000022
- b48.eac: supR3HardenedWinFindAdversaries: 0x0
- b48.eac: Calling main()
- b48.eac: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
- b48.eac: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
- b48.eac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
- b48.eac: SUPR3HardenedMain: Respawn #2
- b48.eac: supR3HardNtEnableThreadCreation:
- b48.eac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbdbf24140 pvNtTerminateThread=00007ffbdbf4b550
- b48.eac: supR3HardenedWinDoReSpawn(2): New child df0.2050 [kernel32].
- b48.eac: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
- b48.eac: supR3HardNtChildGatherData: PebBaseAddress=00007ff7b8894000 cbPeb=0x388
- b48.eac: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbdbec0000 uNtDllChildAddr=00007ffbdbec0000
- b48.eac: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbdbf24140
- b48.eac: supR3HardenedWinSetupChildInit: Start child.
- b48.eac: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
- b48.eac: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 30 sleeps
- b48.eac: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
- b48.eac: *0000000000000000-ffffffffff23ffff 0x0001/0x0000 0x0000000
- b48.eac: *0000000000dc0000-0000000000d9ffff 0x0004/0x0004 0x0020000
- b48.eac: *0000000000de0000-0000000000dccfff 0x0002/0x0002 0x0040000
- b48.eac: 0000000000df3000-0000000000de5fff 0x0001/0x0000 0x0000000
- b48.eac: *0000000000e00000-0000000000d03fff 0x0000/0x0004 0x0020000
- b48.eac: 0000000000efc000-0000000000ef8fff 0x0104/0x0004 0x0020000
- b48.eac: 0000000000eff000-0000000000efdfff 0x0004/0x0004 0x0020000
- b48.eac: *0000000000f00000-0000000000efbfff 0x0002/0x0002 0x0040000
- b48.eac: 0000000000f04000-0000000000ef7fff 0x0001/0x0000 0x0000000
- b48.eac: *0000000000f10000-0000000000f0dfff 0x0004/0x0004 0x0020000
- b48.eac: 0000000000f12000-ffffffff81e43fff 0x0001/0x0000 0x0000000
- b48.eac: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
- b48.eac: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
- b48.eac: 000000007fff0000-ffff80094776ffff 0x0001/0x0000 0x0000000
- b48.eac: *00007ff7b8870000-00007ff7b884cfff 0x0002/0x0002 0x0040000
- b48.eac: 00007ff7b8893000-00007ff7b8891fff 0x0001/0x0000 0x0000000
- b48.eac: *00007ff7b8894000-00007ff7b8892fff 0x0004/0x0004 0x0020000
- b48.eac: 00007ff7b8895000-00007ff7b888bfff 0x0001/0x0000 0x0000000
- b48.eac: *00007ff7b889e000-00007ff7b889bfff 0x0004/0x0004 0x0020000
- b48.eac: 00007ff7b88a0000-00007ff7b87effff 0x0001/0x0000 0x0000000
- b48.eac: *00007ff7b8950000-00007ff7b8950fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: 00007ff7b8951000-00007ff7b89d6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: 00007ff7b89d7000-00007ff7b89d7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: 00007ff7b89d8000-00007ff7b8a21fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: 00007ff7b8a22000-00007ff7b8a22fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: 00007ff7b8a23000-00007ff7b8a23fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: 00007ff7b8a24000-00007ff7b8a25fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: 00007ff7b8a26000-00007ff7b8a26fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: 00007ff7b8a27000-00007ff7b8a27fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: 00007ff7b8a28000-00007ff7b8a2bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: 00007ff7b8a2c000-00007ff7b8a75fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- b48.eac: 00007ff7b8a76000-00007ff39562bfff 0x0001/0x0000 0x0000000
- b48.eac: *00007ffbdbec0000-00007ffbdbec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- b48.eac: 00007ffbdbec1000-00007ffbdbfbbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- b48.eac: 00007ffbdbfbc000-00007ffbdbffcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- b48.eac: 00007ffbdbffd000-00007ffbdc005fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- b48.eac: 00007ffbdc006000-00007ffbdc012fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- b48.eac: 00007ffbdc013000-00007ffbdc013fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- b48.eac: 00007ffbdc014000-00007ffbdc016fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- b48.eac: 00007ffbdc017000-00007ffbdc07cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
- b48.eac: 00007ffbdc07d000-00007ff7b8119fff 0x0001/0x0000 0x0000000
- b48.eac: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
- b48.eac: VirtualBox.exe: timestamp 0x5559f4d1 (rc=VINF_SUCCESS)
- b48.eac: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
- b48.eac: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
- b48.eac: supR3HardNtChildPurify: Done after 318 ms and 0 fixes (loop #0).
- df0.2050: Log file opened: 5.0.0_BETA4r100374 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0275a00
- df0.2050: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbdbec0000
- b48.eac: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000510000 LB 0x400000)
- df0.2050: ntdll.dll: timestamp 0x553ace18 (rc=VINF_SUCCESS)
- b48.eac: supR3HardNtEnableThreadCreation:
- df0.2050: New simple heap: #1 0000000001020000 LB 0x400000 (for 1822720 allocation)
- df0.2050: System32: \Device\HarddiskVolume4\Windows\System32
- df0.2050: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
- df0.2050: KnownDllPath: C:\WINDOWS\system32
- df0.2050: supR3HardenedVmProcessInit: Opening vboxdrv...
- df0.2050: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
- df0.2050: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
- df0.2050: Registered Dll notification callback with NTDLL.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd93c0000 LB 0x001d6000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdb3c0000 LB 0x000af000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdb3c0000 'C:\WINDOWS\system32\KERNEL32.DLL'
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ff7b8950000 LB 0x00126000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
- df0.2050: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
- df0.2050: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbdbf24140 pvNtTerminateThread=00007ffbdbf4b550
- b48.eac: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 67 ms.
- df0.2050: \SystemRoot\System32\ntdll.dll:
- df0.2050: CreationTime: 2015-04-25T03:16:09.483018400Z
- df0.2050: LastWriteTime: 2015-04-25T03:16:09.514268400Z
- df0.2050: ChangeTime: 2015-04-30T13:25:31.674070200Z
- df0.2050: FileAttributes: 0x20
- df0.2050: Size: 0x1ba428
- df0.2050: NT Headers: 0xe8
- df0.2050: Timestamp: 0x553ace18
- df0.2050: Machine: 0x8664 - amd64
- df0.2050: Timestamp: 0x553ace18
- df0.2050: Image Version: 10.0
- df0.2050: SizeOfImage: 0x1bd000 (1822720)
- df0.2050: Resource Dir: 0x157000 LB 0x64f70
- df0.2050: ProductName: Microsoft® Windows® Operating System
- df0.2050: ProductVersion: 10.0.10074.0
- df0.2050: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- df0.2050: FileDescription: NT Layer DLL
- df0.2050: \SystemRoot\System32\kernel32.dll:
- df0.2050: CreationTime: 2015-04-25T03:14:22.609869200Z
- df0.2050: LastWriteTime: 2015-04-25T03:14:22.609869200Z
- df0.2050: ChangeTime: 2015-04-30T13:25:31.486556600Z
- df0.2050: FileAttributes: 0x20
- df0.2050: Size: 0xad6e8
- df0.2050: NT Headers: 0xe8
- df0.2050: Timestamp: 0x553acf74
- df0.2050: Machine: 0x8664 - amd64
- df0.2050: Timestamp: 0x553acf74
- df0.2050: Image Version: 10.0
- df0.2050: SizeOfImage: 0xaf000 (716800)
- df0.2050: Resource Dir: 0xad000 LB 0x518
- df0.2050: ProductName: Microsoft® Windows® Operating System
- df0.2050: ProductVersion: 10.0.10074.0
- df0.2050: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- df0.2050: FileDescription: Windows NT BASE API Client DLL
- df0.2050: \SystemRoot\System32\KernelBase.dll:
- df0.2050: CreationTime: 2015-04-25T03:16:10.279886300Z
- df0.2050: LastWriteTime: 2015-04-25T03:16:10.279886300Z
- df0.2050: ChangeTime: 2015-04-30T13:25:31.502182700Z
- df0.2050: FileAttributes: 0x20
- df0.2050: Size: 0x1d5618
- df0.2050: NT Headers: 0x100
- df0.2050: Timestamp: 0x553acf7b
- df0.2050: Machine: 0x8664 - amd64
- df0.2050: Timestamp: 0x553acf7b
- df0.2050: Image Version: 10.0
- df0.2050: SizeOfImage: 0x1d6000 (1925120)
- df0.2050: Resource Dir: 0x1c0000 LB 0x530
- df0.2050: ProductName: Microsoft® Windows® Operating System
- df0.2050: ProductVersion: 10.0.10074.0
- df0.2050: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- df0.2050: FileDescription: Windows NT BASE API Client DLL
- df0.2050: \SystemRoot\System32\apisetschema.dll:
- df0.2050: CreationTime: 2015-04-25T03:15:36.780163800Z
- df0.2050: LastWriteTime: 2015-04-25T03:15:36.780163800Z
- df0.2050: ChangeTime: 2015-04-30T13:25:28.579914500Z
- df0.2050: FileAttributes: 0x20
- df0.2050: Size: 0x159e8
- df0.2050: NT Headers: 0xc8
- df0.2050: Timestamp: 0x553adc20
- df0.2050: Machine: 0x8664 - amd64
- df0.2050: Timestamp: 0x553adc20
- df0.2050: Image Version: 10.0
- df0.2050: SizeOfImage: 0x16000 (90112)
- df0.2050: Resource Dir: 0x15000 LB 0x3f8
- df0.2050: ProductName: Microsoft® Windows® Operating System
- df0.2050: ProductVersion: 10.0.10074.0
- df0.2050: FileVersion: 10.0.10074.0 (fbl_impressive.150424-1350)
- df0.2050: FileDescription: ApiSet Schema DLL
- df0.2050: NtOpenDirectoryObject failed on \Driver: 0xc0000022
- df0.2050: supR3HardenedWinFindAdversaries: 0x0
- df0.2050: Calling main()
- df0.2050: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
- df0.2050: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
- df0.2050: SUPR3HardenedMain: Final process, opening VBoxDrv...
- df0.2050: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001020000 LB 0x400000)
- df0.2050: supR3HardNtEnableThreadCreation:
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd69b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd69b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd69b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd69b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdb9f0000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd8ad0000 LB 0x00011000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd9120000 LB 0x001d9000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdb290000 LB 0x00126000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd9350000 LB 0x00067000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\WINDOWS\system32\Wintrust.dll'
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd89d0000 LB 0x00028000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd89d0000 'C:\WINDOWS\system32\bcrypt.dll'
- df0.2050: bcrypt.dll loaded at 00007ffbd89d0000, BCryptOpenAlgorithmProvider at 00007ffbd89d3290, preloading providers:
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd8860000 LB 0x00068000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8860000 'C:\WINDOWS\system32\bcryptprimitives.dll'
- df0.2050: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000015c9680)
- df0.2050: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000015c9d40)
- df0.2050: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000015ca820)
- df0.2050: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000015caaf0)
- df0.2050: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000015cae00)
- df0.2050: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000015cb110)
- df0.2050: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000015cb420)
- df0.2050: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000015cb6f0)
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd8320000 LB 0x00016000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd7f80000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd8470000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdb3c0000 'C:\WINDOWS\system32\kernel32.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\CRYPT32.dll'
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdb840000 LB 0x00018000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd9710000 LB 0x0005a000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd7a10000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd8aa0000 LB 0x00014000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\Wldap32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Wldap32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdba90000 LB 0x0005b000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbbf670000 LB 0x00030000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\WINDOWS\system32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf670000 'C:\Windows\System32\cryptnet.dll'
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdbc00000 LB 0x000a6000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0]
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F044A15A16BC2551C9AA8CF60A3FC7F400CED32
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdb290000 'C:\WINDOWS\system32\rpcrt4.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\Windows\System32\WINTRUST.DLL'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Group-minkernel-Package~31bf3856ad364e35~amd64~~10.0.10074.0.cat'; file='\SystemRoot\System32\ntdll.dll'
- df0.2050: g_pfnWinVerifyTrust=00007ffbd9357f90
- df0.2050: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
- df0.2050: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume4\Windows\System32\Wldap32.dll
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=989C645E7D6AD8298E35D1FD16AF2496965861F9
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10074.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FA7C82291D1B0F5E69266CCD2B2673976D4009DA
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10074.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
- df0.2050: supR3HardenedWinIsDesiredRootCA: Adding 0x39bb496d7f0fc200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Development Root Certificate Authority 2014
- df0.2050: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=43
- df0.2050: SUPR3HardenedMain: Load Runtime...
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll)WinVerifyTrust
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 0000000066bb0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 0000000066b10000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd9700000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdb4d0000 LB 0x0005b000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbcd8d0000 LB 0x00542000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rescheduled]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9350000 'C:\WINDOWS\system32\Wintrust.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: Error -1912 in supR3HardenedMainInitRuntime! (enmWhat=4)
- df0.2050: RTR3InitEx failed with rc=-1912
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll)WinVerifyTrust
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997D97350541B1158B81533530D58551CE8DE6E
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10074.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'shlwapi.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'comctl32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'shell32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)WinVerifyTrust
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
- df0.2050: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll)WinVerifyTrust
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll)WinVerifyTrust
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [redoing WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
- df0.2050: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0F243467B38B389F3F39A431759E75007C8BD33E
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10074.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
- df0.2050: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10074.0_none_3a21e2bb56334ae1\comctl32.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10074.0_none_3a21e2bb56334ae1\comctl32.dll
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdb6c0000 LB 0x0016c000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdb860000 LB 0x00181000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbc6510000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbc0bc0000 LB 0x000f7000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbc0cc0000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbc0d30000 LB 0x00128000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd9950000 LB 0x00256000 C:\WINDOWS\system32\combase.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdb530000 LB 0x0013b000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 0000000065cd0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd9650000 LB 0x000ac000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0]
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdb670000 LB 0x00050000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbc0410000 LB 0x000aa000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10074.0_none_3a21e2bb56334ae1\COMCTL32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10074.0_none_3a21e2bb56334ae1\comctl32.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd8ac0000 LB 0x0000e000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0]
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd8af0000 LB 0x00048000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0]
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd8b40000 LB 0x005d4000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0]
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #60 'combase.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd9e80000 LB 0x0140d000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdbaf0000 LB 0x000d0000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd9bb0000 LB 0x000be000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd9c70000 LB 0x0015c000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbdbbc0000 LB 0x00035000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd9300000 LB 0x00044000 C:\WINDOWS\system32\cfgmgr32.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd7280000 LB 0x00026000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbc8c70000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbc8ca0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbce050000 LB 0x00083000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 0000000065fb0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 0000000066a00000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 0000000066920000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbbaf80000 LB 0x00a9e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10074.0_none_3a21e2bb56334ae1\comctl32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10074.0_none_3a21e2bb56334ae1\comctl32.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rescheduled]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
- df0.2050: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
- df0.2050: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
- df0.2050: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdbbc0000 'C:\WINDOWS\system32\imm32.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbaf80000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc8ca0000 'C:\WINDOWS\system32\winmm.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000620 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC0B49CD4C9AE2496DD3C855F463DF822B214D30
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10074.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll)WinVerifyTrust
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
- df0.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd7530000 LB 0x0008f000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7530000 'C:\WINDOWS\system32\uxtheme.dll'
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'iertutil.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'oleaut32.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\edputil.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\edputil.dll
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'cryptsp.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\iertutil.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\iertutil.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd70c0000 LB 0x00125000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd6c60000 LB 0x0034e000 C:\WINDOWS\SYSTEM32\iertutil.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd72b0000 LB 0x00025000 C:\WINDOWS\SYSTEM32\edputil.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\edputil.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'dcomp.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
- df0.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll)
- df0.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd7380000 LB 0x000c9000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedDllNotificationCallback: load 00007ffbd5d40000 LB 0x00020000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cryptsp.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'cryptsp.dll' -> '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume4\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\iertutil.dll [lacks WinVerifyTrust]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dcomp.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000650 pwszName=\Device\HarddiskVolume4\Windows\System32\dwmapi.dll
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96BB1C44148B7923D3097A690A78A21E9ABCDDED
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Composition-Core-windows-Package~31bf3856ad364e35~amd64~~10.0.10074.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\iertutil.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000063c pwszName=\Device\HarddiskVolume4\Windows\System32\edputil.dll
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001633db0
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=25B755D2EDF7ED52617E5A8F7F4AD10128BF64D7
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-ds~31bf3856ad364e35~amd64~~10.0.10074.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\edputil.dll'
- df0.2050: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
- df0.2050: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\edputil.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9e80000 'C:\WINDOWS\system32\shell32.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdb3c0000 'C:\WINDOWS\system32\kernel32.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7530000 'C:\WINDOWS\system32\uxtheme.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7530000 'C:\WINDOWS\system32\uxtheme.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdb6c0000 'C:\WINDOWS\system32\user32.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7530000 'C:\WINDOWS\system32\uxtheme.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdb6c0000 'C:\WINDOWS\system32\user32.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdb860000 'C:\WINDOWS\system32\gdi32.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdb6c0000 'C:\WINDOWS\system32\user32.dll'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\SYSTEM32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc8ca0000 'C:\WINDOWS\SYSTEM32\WINMM.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [redoing WinVerifyTrust]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
- df0.2048: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll)
- df0.2048: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
- df0.2048: supR3HardenedDllNotificationCallback: load 00007ffbd5100000 LB 0x0006f000 C:\WINDOWS\SYSTEM32\MMDevAPI.DLL [fFlags=0x0]
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll [avoiding WinVerifyTrust]
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [lacks WinVerifyTrust]
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2050: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
- df0.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
- df0.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9c70000 'C:\WINDOWS\system32\MSCTF.dll'
- df0.2048: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll'
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006e4 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001633db0
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001633db0
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=91ED6AA513C557A93E1309CC5A4B544180A1B4C6
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10074.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
- df0.2048: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv)WinVerifyTrust
- df0.2048: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2048: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll)WinVerifyTrust
- df0.2048: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2048: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll)WinVerifyTrust
- df0.2048: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
- df0.2048: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
- df0.2048: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
- df0.2048: supR3HardenedDllNotificationCallback: load 00007ffbd4d90000 LB 0x00008000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
- df0.2048: supR3HardenedDllNotificationCallback: load 00007ffbd4e20000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
- df0.2048: supR3HardenedDllNotificationCallback: load 00007ffbc9b00000 LB 0x00042000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9b00000 'C:\WINDOWS\system32\wdmaud.drv'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9b00000 'C:\WINDOWS\system32\wdmaud.drv'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5100000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9b00000 'C:\WINDOWS\system32\wdmaud.drv'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9b00000 'C:\WINDOWS\system32\wdmaud.drv'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9b00000 'C:\WINDOWS\system32\wdmaud.drv'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
- df0.2048: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll)WinVerifyTrust
- df0.2048: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
- df0.2048: supR3HardenedDllNotificationCallback: load 00007ffbca060000 LB 0x00080000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbca060000 'C:\WINDOWS\system32\AUDIOSES.DLL'
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000738 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001633db0
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001633db0
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D9632F6BCC8D4347E7DA6D39070CE3B5283C521
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10074.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msacm32.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'user32.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
- df0.2048: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv)WinVerifyTrust
- df0.2048: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2048: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll)WinVerifyTrust
- df0.2048: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
- df0.2048: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
- df0.2048: supR3HardenedDllNotificationCallback: load 00007ffbcf750000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
- df0.2048: supR3HardenedDllNotificationCallback: load 00007ffbcff20000 LB 0x0000c000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcff20000 'C:\WINDOWS\system32\msacm32.drv'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcff20000 'C:\WINDOWS\system32\msacm32.drv'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcff20000 'C:\WINDOWS\system32\msacm32.drv'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcff20000 'C:\WINDOWS\system32\msacm32.drv'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcff20000 'C:\WINDOWS\system32\msacm32.drv'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcff20000 'C:\WINDOWS\system32\msacm32.drv'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcff20000 'C:\WINDOWS\system32\msacm32.drv'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcff20000 'C:\WINDOWS\system32\msacm32.drv'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcff20000 'C:\WINDOWS\system32\msacm32.drv'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcff20000 'C:\WINDOWS\system32\msacm32.drv'
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000074c pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001633db0
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001633db0
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4159E36005E1995524345D53A619A4D95E7180C8
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7f80000 'C:\WINDOWS\system32\rsaenh.dll'
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd9120000 'C:\WINDOWS\system32\crypt32.dll'
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10074.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
- df0.2048: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
- df0.2048: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
- df0.2048: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll)WinVerifyTrust
- df0.2048: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
- df0.2048: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
- df0.2048: supR3HardenedDllNotificationCallback: load 00007ffbcfaf0000 LB 0x0000a000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcfaf0000 'C:\WINDOWS\system32\midimap.dll'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcfaf0000 'C:\WINDOWS\system32\midimap.dll'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcfaf0000 'C:\WINDOWS\system32\midimap.dll'
- df0.2048: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
- df0.2048: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
- df0.2048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcfaf0000 'C:\WINDOWS\system32\midimap.dll'
- b48.eac: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2650 ms, the end);
- 20e0.1054: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3051 ms, the end);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
