19d0.19d8: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000 19d0.19d8: Calling main() 19d0.19d8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 19d0.19d8: SUPR3HardenedMain: Respawn #1 19d0.19d8: System32: \Device\HarddiskVolume3\Windows\System32 19d0.19d8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 19d0.19d8: ProgDir: \Device\HarddiskVolume3\Program Files 19d0.19d8: ComDir: \Device\HarddiskVolume3\Program Files\Common Files 19d0.19d8: ProgDir32: \Device\HarddiskVolume3\Program Files (x86) 19d0.19d8: ComDir32: \Device\HarddiskVolume3\Program Files (x86)\Common Files 19d0.19d8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 19d0.19d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 19d0.19d8: supR3HardNtEnableThreadCreation: 19d0.19d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff90d919c5c pvNtTerminateThread=00007ff90d941ba0 19d0.19d8: supR3HardenedWinDoReSpawn(1): New child 1bb0.1900 [kernel32]. 19d0.19d8: supR3HardenedWinPurifyChild: PebBaseAddress=00007ff6a12ab000 cbPeb=0x388 19d0.19d8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff90d8b0000 uNtDllChildAddr=00007ff90d8b0000 19d0.19d8: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=00007ff90d919c5c uNtTerminateThread=00007ff90d941ba0 19d0.19d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff90d919c5c pvNtTerminateThread=00007ff90d941ba0 19d0.19d8: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd] 19d0.19d8: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 0000000000690000 LB 0x1a6000 19d0.19d8: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll 19d0.19d8: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 00007ff90d750000 LB 0x13a000 19d0.19d8: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll 19d0.19d8: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 00007ff90ad00000 LB 0x10f000 19d0.19d8: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 16 ms 19d0.19d8: supR3HardNtEnableThreadCreation: 19d0.19d8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 19d0.19d8: *0000000000000000-ffffffffffabffff 0x0001/0x0000 0x0000000 19d0.19d8: *0000000000540000-000000000051ffff 0x0004/0x0004 0x0020000 19d0.19d8: *0000000000560000-0000000000550fff 0x0002/0x0002 0x0040000 19d0.19d8: 000000000056f000-000000000056dfff 0x0001/0x0000 0x0000000 19d0.19d8: *0000000000570000-0000000000473fff 0x0000/0x0004 0x0020000 19d0.19d8: 000000000066c000-0000000000668fff 0x0104/0x0004 0x0020000 19d0.19d8: 000000000066f000-000000000066dfff 0x0004/0x0004 0x0020000 19d0.19d8: *0000000000670000-000000000066bfff 0x0002/0x0002 0x0040000 19d0.19d8: 0000000000674000-0000000000667fff 0x0001/0x0000 0x0000000 19d0.19d8: *0000000000680000-000000000067dfff 0x0004/0x0004 0x0020000 19d0.19d8: 0000000000682000-ffffffff80d23fff 0x0001/0x0000 0x0000000 19d0.19d8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 19d0.19d8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 19d0.19d8: 000000007fff0000-ffff800a5ed6ffff 0x0001/0x0000 0x0000000 19d0.19d8: *00007ff6a1270000-00007ff6a123cfff 0x0002/0x0002 0x0040000 19d0.19d8: 00007ff6a12a3000-00007ff6a129afff 0x0001/0x0000 0x0000000 19d0.19d8: *00007ff6a12ab000-00007ff6a12a9fff 0x0004/0x0004 0x0020000 19d0.19d8: 00007ff6a12ac000-00007ff6a12a9fff 0x0001/0x0000 0x0000000 19d0.19d8: *00007ff6a12ae000-00007ff6a12abfff 0x0004/0x0004 0x0020000 19d0.19d8: 00007ff6a12b0000-00007ff6a06effff 0x0001/0x0000 0x0000000 19d0.19d8: *00007ff6a1e70000-00007ff6a1e6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 19d0.19d8: 00007ff6a1e71000-00007ff6a1df1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 19d0.19d8: 00007ff6a1ef0000-00007ff6a1eeefff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 19d0.19d8: 00007ff6a1ef1000-00007ff6a1eb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 19d0.19d8: 00007ff6a1f28000-00007ff6a1f1efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 19d0.19d8: 00007ff6a1f31000-00007ff6a1ef7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 19d0.19d8: 00007ff6a1f6a000-00007ff436623fff 0x0001/0x0000 0x0000000 19d0.19d8: *00007ff90d8b0000-00007ff90d8aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 19d0.19d8: 00007ff90d8b1000-00007ff90d78bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 19d0.19d8: 00007ff90d9d6000-00007ff90d9ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 19d0.19d8: 00007ff90d9df000-00007ff90d9d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 19d0.19d8: 00007ff90d9ec000-00007ff90d9eafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 19d0.19d8: 00007ff90d9ed000-00007ff90d9ebfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 19d0.19d8: 00007ff90d9ee000-00007ff90d985fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 19d0.19d8: 00007ff90da56000-00007ff21b4cbfff 0x0001/0x0000 0x0000000 19d0.19d8: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 19d0.19d8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 19d0.19d8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 1bb0.1900: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000 1bb0.1900: Calling main() 1bb0.1900: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1bb0.1900: System32: \Device\HarddiskVolume3\Windows\System32 1bb0.1900: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 1bb0.1900: ProgDir: \Device\HarddiskVolume3\Program Files 1bb0.1900: ComDir: \Device\HarddiskVolume3\Program Files\Common Files 1bb0.1900: ProgDir32: \Device\HarddiskVolume3\Program Files (x86) 1bb0.1900: ComDir32: \Device\HarddiskVolume3\Program Files (x86)\Common Files 1bb0.1900: supR3HardenedWinInit: Startup delay kludge #2/0: 94 ms, 11 sleeps 1bb0.1900: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 1bb0.1900: *0000000000000000-ffffffffffabffff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000540000-000000000052ffff 0x0004/0x0004 0x0040000 1bb0.1900: 0000000000550000-000000000053ffff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000560000-0000000000550fff 0x0002/0x0002 0x0040000 1bb0.1900: 000000000056f000-000000000056dfff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000570000-0000000000475fff 0x0000/0x0004 0x0020000 1bb0.1900: 000000000066a000-0000000000666fff 0x0104/0x0004 0x0020000 1bb0.1900: 000000000066d000-0000000000669fff 0x0004/0x0004 0x0020000 1bb0.1900: *0000000000670000-000000000066bfff 0x0002/0x0002 0x0040000 1bb0.1900: 0000000000674000-0000000000667fff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000680000-000000000067dfff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000682000-0000000000673fff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000690000-0000000000611fff 0x0002/0x0002 0x0040000 1bb0.1900: 000000000070e000-000000000070bfff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000710000-000000000070dfff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000712000-00000000006f9fff 0x0000/0x0004 0x0020000 1bb0.1900: 000000000072a000-00000000006a3fff 0x0001/0x0000 0x0000000 1bb0.1900: *00000000007b0000-0000000000781fff 0x0004/0x0004 0x0020000 1bb0.1900: 00000000007de000-000000000070bfff 0x0000/0x0004 0x0020000 1bb0.1900: *00000000008b0000-00000000008a3fff 0x0000/0x0004 0x0020000 1bb0.1900: 00000000008bc000-0000000000714fff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000a63000-0000000000a61fff 0x0000/0x0004 0x0020000 1bb0.1900: 0000000000a64000-ffffffff814e7fff 0x0001/0x0000 0x0000000 1bb0.1900: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1bb0.1900: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1bb0.1900: 000000007fff0000-ffff800a5ee6ffff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a1170000-00007ff6a116afff 0x0002/0x0002 0x0040000 1bb0.1900: 00007ff6a1175000-00007ff6a1079fff 0x0000/0x0002 0x0040000 1bb0.1900: *00007ff6a1270000-00007ff6a123cfff 0x0002/0x0002 0x0040000 1bb0.1900: 00007ff6a12a3000-00007ff6a129afff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a12ab000-00007ff6a12a9fff 0x0004/0x0004 0x0020000 1bb0.1900: 00007ff6a12ac000-00007ff6a12a9fff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a12ae000-00007ff6a12abfff 0x0004/0x0004 0x0020000 1bb0.1900: 00007ff6a12b0000-00007ff6a06effff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a1e70000-00007ff6a1e6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1e71000-00007ff6a1df1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1ef0000-00007ff6a1eeefff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1ef1000-00007ff6a1eb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1f28000-00007ff6a1f1efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1f31000-00007ff6a1ef7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1f6a000-00007ff4391d3fff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff90ad00000-00007ff90acfefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1bb0.1900: 00007ff90ad01000-00007ff90ac13fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1bb0.1900: 00007ff90adee000-00007ff90adeafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1bb0.1900: 00007ff90adf1000-00007ff90adeffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1bb0.1900: 00007ff90adf2000-00007ff90add4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1bb0.1900: 00007ff90ae0f000-00007ff9084cdfff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff90d750000-00007ff90d74efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1bb0.1900: 00007ff90d751000-00007ff90d63dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1bb0.1900: 00007ff90d864000-00007ff90d862fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1bb0.1900: 00007ff90d865000-00007ff90d863fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1bb0.1900: 00007ff90d866000-00007ff90d841fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1bb0.1900: 00007ff90d88a000-00007ff90d863fff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff90d8b0000-00007ff90d8aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d8b1000-00007ff90d78bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9d6000-00007ff90d9ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9df000-00007ff90d9d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9ed000-00007ff90d9ebfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9ee000-00007ff90d985fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90da56000-00007ff21b4cbfff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 1bb0.1900: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1bb0.1900: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 1bb0.1900: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1bb0.1900: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1bb0.1900: supHardNtVpScanVirtualMemory: enmKind=VERIFY_ONLY 1bb0.1900: *0000000000000000-ffffffffffabffff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000540000-000000000052ffff 0x0004/0x0004 0x0040000 1bb0.1900: 0000000000550000-000000000053ffff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000560000-0000000000550fff 0x0002/0x0002 0x0040000 1bb0.1900: 000000000056f000-000000000056dfff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000570000-0000000000476fff 0x0000/0x0004 0x0020000 1bb0.1900: 0000000000669000-0000000000665fff 0x0104/0x0004 0x0020000 1bb0.1900: 000000000066c000-0000000000667fff 0x0004/0x0004 0x0020000 1bb0.1900: *0000000000670000-000000000066bfff 0x0002/0x0002 0x0040000 1bb0.1900: 0000000000674000-0000000000667fff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000680000-000000000067dfff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000682000-0000000000673fff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000690000-0000000000611fff 0x0002/0x0002 0x0040000 1bb0.1900: 000000000070e000-000000000070bfff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000710000-000000000070dfff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000712000-00000000006f9fff 0x0000/0x0004 0x0020000 1bb0.1900: 000000000072a000-00000000006a3fff 0x0001/0x0000 0x0000000 1bb0.1900: *00000000007b0000-0000000000774fff 0x0004/0x0004 0x0020000 1bb0.1900: 00000000007eb000-00000000007e9fff 0x0000/0x0004 0x0020000 1bb0.1900: 00000000007ec000-00000000007e3fff 0x0004/0x0004 0x0020000 1bb0.1900: 00000000007f4000-00000000007e3fff 0x0000/0x0004 0x0020000 1bb0.1900: 0000000000804000-00000000007f0fff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000817000-000000000077dfff 0x0000/0x0004 0x0020000 1bb0.1900: *00000000008b0000-00000000008a3fff 0x0000/0x0004 0x0020000 1bb0.1900: 00000000008bc000-0000000000714fff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000a63000-0000000000a61fff 0x0000/0x0004 0x0020000 1bb0.1900: 0000000000a64000-0000000000a57fff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000a70000-0000000000970fff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000b6f000-0000000000b6dfff 0x0000/0x0004 0x0020000 1bb0.1900: *0000000000b70000-0000000000b64fff 0x0000/0x0004 0x0020000 1bb0.1900: 0000000000b7b000-0000000000a3ffff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000cb6000-0000000000cb4fff 0x0000/0x0004 0x0020000 1bb0.1900: 0000000000cb7000-0000000000cadfff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000cc0000-0000000000cb6fff 0x0000/0x0004 0x0020000 1bb0.1900: 0000000000cc9000-0000000000bb8fff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000dd9000-0000000000dd7fff 0x0000/0x0004 0x0020000 1bb0.1900: 0000000000dda000-0000000000dd3fff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000de0000-0000000000dd9fff 0x0000/0x0004 0x0020000 1bb0.1900: 0000000000de6000-0000000000cd5fff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000ef6000-0000000000ef4fff 0x0000/0x0004 0x0020000 1bb0.1900: 0000000000ef7000-ffffffff81e0dfff 0x0001/0x0000 0x0000000 1bb0.1900: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1bb0.1900: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1bb0.1900: 000000007fff0000-ffff800a5ee6ffff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a1170000-00007ff6a116afff 0x0002/0x0002 0x0040000 1bb0.1900: 00007ff6a1175000-00007ff6a1079fff 0x0000/0x0002 0x0040000 1bb0.1900: *00007ff6a1270000-00007ff6a123cfff 0x0002/0x0002 0x0040000 1bb0.1900: 00007ff6a12a3000-00007ff6a129afff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a12ab000-00007ff6a12a9fff 0x0004/0x0004 0x0020000 1bb0.1900: 00007ff6a12ac000-00007ff6a12a9fff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a12ae000-00007ff6a12abfff 0x0004/0x0004 0x0020000 1bb0.1900: 00007ff6a12b0000-00007ff6a06effff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a1e70000-00007ff6a1e6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1e71000-00007ff6a1df0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1ef1000-00007ff6a1eb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1f28000-00007ff6a1f1efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1f31000-00007ff6a1ef7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1f6a000-00007ff4391d3fff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff90ad00000-00007ff90acfefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1bb0.1900: 00007ff90ad01000-00007ff90ac13fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1bb0.1900: 00007ff90adee000-00007ff90adeafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1bb0.1900: 00007ff90adf1000-00007ff90adeffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1bb0.1900: 00007ff90adf2000-00007ff90add4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1bb0.1900: 00007ff90ae0f000-00007ff9084cdfff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff90d750000-00007ff90d74efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1bb0.1900: 00007ff90d751000-00007ff90d63dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1bb0.1900: 00007ff90d864000-00007ff90d862fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1bb0.1900: 00007ff90d865000-00007ff90d863fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1bb0.1900: 00007ff90d866000-00007ff90d841fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1bb0.1900: 00007ff90d88a000-00007ff90d873fff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff90d8a0000-00007ff90d89efff 0x0004/0x0004 0x0020000 1bb0.1900: 00007ff90d8a1000-00007ff90d891fff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff90d8b0000-00007ff90d8aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d8b1000-00007ff90d78bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9d6000-00007ff90d9ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9df000-00007ff90d9d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9ed000-00007ff90d9ebfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9ee000-00007ff90d985fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90da56000-00007ff21b4cbfff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 1bb0.1900: SUPR3HardenedMain: Respawn #2 1bb0.1900: supR3HardNtEnableThreadCreation: 1bb0.1900: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff90d919c5c pvNtTerminateThread=00007ff90d941ba0 1bb0.1900: supR3HardenedWinDoReSpawn(2): New child 1a18.fa0 [kernel32]. 1bb0.1900: supR3HardenedWinPurifyChild: PebBaseAddress=00007ff6a1397000 cbPeb=0x388 1bb0.1900: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff90d8b0000 uNtDllChildAddr=00007ff90d8b0000 1bb0.1900: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=00007ff90d919c5c uNtTerminateThread=00007ff90d941ba0 1bb0.1900: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff90d919c5c pvNtTerminateThread=00007ff90d941ba0 1bb0.1900: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 1bb0.1900: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) 1bb0.1900: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd] 1bb0.1900: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 0000000000a40000 LB 0x1a6000 1bb0.1900: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 1bb0.1900: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1bb0.1900: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll 1bb0.1900: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 00007ff90d750000 LB 0x13a000 1bb0.1900: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 1bb0.1900: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1bb0.1900: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll 1bb0.1900: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 00007ff90ad00000 LB 0x10f000 1bb0.1900: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 16 ms 1bb0.1900: supR3HardNtEnableThreadCreation: 1bb0.1900: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1bb0.1900: *0000000000000000-ffffffffff70ffff 0x0001/0x0000 0x0000000 1bb0.1900: *00000000008f0000-00000000008cffff 0x0004/0x0004 0x0020000 1bb0.1900: *0000000000910000-0000000000900fff 0x0002/0x0002 0x0040000 1bb0.1900: 000000000091f000-000000000091dfff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000920000-0000000000823fff 0x0000/0x0004 0x0020000 1bb0.1900: 0000000000a1c000-0000000000a18fff 0x0104/0x0004 0x0020000 1bb0.1900: 0000000000a1f000-0000000000a1dfff 0x0004/0x0004 0x0020000 1bb0.1900: *0000000000a20000-0000000000a1bfff 0x0002/0x0002 0x0040000 1bb0.1900: 0000000000a24000-0000000000a17fff 0x0001/0x0000 0x0000000 1bb0.1900: *0000000000a30000-0000000000a2dfff 0x0004/0x0004 0x0020000 1bb0.1900: 0000000000a32000-ffffffff81483fff 0x0001/0x0000 0x0000000 1bb0.1900: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1bb0.1900: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1bb0.1900: 000000007fff0000-ffff800a5ec7ffff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a1360000-00007ff6a132cfff 0x0002/0x0002 0x0040000 1bb0.1900: 00007ff6a1393000-00007ff6a138efff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a1397000-00007ff6a1395fff 0x0004/0x0004 0x0020000 1bb0.1900: 00007ff6a1398000-00007ff6a1391fff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a139e000-00007ff6a139bfff 0x0004/0x0004 0x0020000 1bb0.1900: 00007ff6a13a0000-00007ff6a08cffff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff6a1e70000-00007ff6a1e6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1e71000-00007ff6a1df1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1ef0000-00007ff6a1eeefff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1ef1000-00007ff6a1eb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1f28000-00007ff6a1f1efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1f31000-00007ff6a1ef7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1bb0.1900: 00007ff6a1f6a000-00007ff436623fff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ff90d8b0000-00007ff90d8aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d8b1000-00007ff90d78bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9d6000-00007ff90d9ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9df000-00007ff90d9d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9ec000-00007ff90d9eafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9ed000-00007ff90d9ebfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90d9ee000-00007ff90d985fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1bb0.1900: 00007ff90da56000-00007ff21b4cbfff 0x0001/0x0000 0x0000000 1bb0.1900: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 1a18.fa0: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000 1a18.fa0: Calling main() 1a18.fa0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1a18.fa0: System32: \Device\HarddiskVolume3\Windows\System32 1a18.fa0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 1a18.fa0: ProgDir: \Device\HarddiskVolume3\Program Files 1a18.fa0: ComDir: \Device\HarddiskVolume3\Program Files\Common Files 1a18.fa0: ProgDir32: \Device\HarddiskVolume3\Program Files (x86) 1a18.fa0: ComDir32: \Device\HarddiskVolume3\Program Files (x86)\Common Files 1a18.fa0: supR3HardenedWinInit: Startup delay kludge #2/0: 94 ms, 12 sleeps 1a18.fa0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 1a18.fa0: *0000000000000000-ffffffffff70ffff 0x0001/0x0000 0x0000000 1a18.fa0: *00000000008f0000-00000000008dffff 0x0004/0x0004 0x0040000 1a18.fa0: 0000000000900000-00000000008effff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000910000-0000000000900fff 0x0002/0x0002 0x0040000 1a18.fa0: 000000000091f000-000000000091dfff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000920000-0000000000824fff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000a1b000-0000000000a17fff 0x0104/0x0004 0x0020000 1a18.fa0: 0000000000a1e000-0000000000a1bfff 0x0004/0x0004 0x0020000 1a18.fa0: *0000000000a20000-0000000000a1bfff 0x0002/0x0002 0x0040000 1a18.fa0: 0000000000a24000-0000000000a17fff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000a30000-0000000000a2dfff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000000a32000-0000000000a23fff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000a40000-00000000009c1fff 0x0002/0x0002 0x0040000 1a18.fa0: 0000000000abe000-0000000000abbfff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000ac0000-0000000000abdfff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000000ac2000-0000000000aa9fff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000ada000-00000000009a3fff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000c10000-0000000000be1fff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000000c3e000-0000000000b6bfff 0x0000/0x0004 0x0020000 1a18.fa0: *0000000000d10000-0000000000d0bfff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000d14000-0000000000b6cfff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000000ebb000-0000000000eb9fff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000ebc000-ffffffff81d97fff 0x0001/0x0000 0x0000000 1a18.fa0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1a18.fa0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1a18.fa0: 000000007fff0000-ffff800a5ed7ffff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff6a1260000-00007ff6a125afff 0x0002/0x0002 0x0040000 1a18.fa0: 00007ff6a1265000-00007ff6a1169fff 0x0000/0x0002 0x0040000 1a18.fa0: *00007ff6a1360000-00007ff6a132cfff 0x0002/0x0002 0x0040000 1a18.fa0: 00007ff6a1393000-00007ff6a138efff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff6a1397000-00007ff6a1395fff 0x0004/0x0004 0x0020000 1a18.fa0: 00007ff6a1398000-00007ff6a1391fff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff6a139e000-00007ff6a139bfff 0x0004/0x0004 0x0020000 1a18.fa0: 00007ff6a13a0000-00007ff6a08cffff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff6a1e70000-00007ff6a1e6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1a18.fa0: 00007ff6a1e71000-00007ff6a1df1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1a18.fa0: 00007ff6a1ef0000-00007ff6a1eeefff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1a18.fa0: 00007ff6a1ef1000-00007ff6a1eb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1a18.fa0: 00007ff6a1f28000-00007ff6a1f1efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1a18.fa0: 00007ff6a1f31000-00007ff6a1ef7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1a18.fa0: 00007ff6a1f6a000-00007ff4391d3fff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff90ad00000-00007ff90acfefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1a18.fa0: 00007ff90ad01000-00007ff90ac13fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1a18.fa0: 00007ff90adee000-00007ff90adeafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1a18.fa0: 00007ff90adf1000-00007ff90adeffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1a18.fa0: 00007ff90adf2000-00007ff90add4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1a18.fa0: 00007ff90ae0f000-00007ff9084cdfff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff90d750000-00007ff90d74efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: 00007ff90d751000-00007ff90d63dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: 00007ff90d864000-00007ff90d862fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: 00007ff90d865000-00007ff90d863fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: 00007ff90d866000-00007ff90d841fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: 00007ff90d88a000-00007ff90d863fff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff90d8b0000-00007ff90d8aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90d8b1000-00007ff90d78bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90d9d6000-00007ff90d9ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90d9df000-00007ff90d9d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90d9ed000-00007ff90d9ebfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90d9ee000-00007ff90d985fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90da56000-00007ff21b4cbfff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 1a18.fa0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1a18.fa0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 1a18.fa0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1a18.fa0: supHardNtVpScanVirtualMemory: enmKind=VERIFY_ONLY 1a18.fa0: *0000000000000000-ffffffffff70ffff 0x0001/0x0000 0x0000000 1a18.fa0: *00000000008f0000-00000000008dffff 0x0004/0x0004 0x0040000 1a18.fa0: 0000000000900000-00000000008effff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000910000-0000000000900fff 0x0002/0x0002 0x0040000 1a18.fa0: 000000000091f000-000000000091dfff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000920000-0000000000826fff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000a19000-0000000000a15fff 0x0104/0x0004 0x0020000 1a18.fa0: 0000000000a1c000-0000000000a17fff 0x0004/0x0004 0x0020000 1a18.fa0: *0000000000a20000-0000000000a1bfff 0x0002/0x0002 0x0040000 1a18.fa0: 0000000000a24000-0000000000a17fff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000a30000-0000000000a2dfff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000000a32000-0000000000a23fff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000a40000-00000000009c1fff 0x0002/0x0002 0x0040000 1a18.fa0: 0000000000abe000-0000000000abbfff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000ac0000-0000000000abdfff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000000ac2000-0000000000aa9fff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000ada000-0000000000ad3fff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000ae0000-00000000009e0fff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000000bdf000-0000000000bddfff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000be0000-0000000000baffff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000c10000-0000000000bd4fff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000000c4b000-0000000000c49fff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000c4c000-0000000000c43fff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000000c54000-0000000000c43fff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000c64000-0000000000c50fff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000000c77000-0000000000bddfff 0x0000/0x0004 0x0020000 1a18.fa0: *0000000000d10000-0000000000d0bfff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000d14000-0000000000b6cfff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000000ebb000-0000000000eb9fff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000ebc000-0000000000eb7fff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000000ec0000-0000000000eb9fff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000000ec6000-0000000000d8afff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000001001000-0000000000ffffff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000001002000-0000000000ff3fff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000001010000-0000000001009fff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000001016000-0000000000f05fff 0x0004/0x0004 0x0020000 1a18.fa0: 0000000001126000-0000000001124fff 0x0000/0x0004 0x0020000 1a18.fa0: 0000000001127000-000000000111dfff 0x0001/0x0000 0x0000000 1a18.fa0: *0000000001130000-0000000001122fff 0x0000/0x0004 0x0020000 1a18.fa0: 000000000113d000-000000000102cfff 0x0004/0x0004 0x0020000 1a18.fa0: 000000000124d000-000000000124bfff 0x0000/0x0004 0x0020000 1a18.fa0: 000000000124e000-ffffffff824bbfff 0x0001/0x0000 0x0000000 1a18.fa0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1a18.fa0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1a18.fa0: 000000007fff0000-ffff800a5ed7ffff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff6a1260000-00007ff6a125afff 0x0002/0x0002 0x0040000 1a18.fa0: 00007ff6a1265000-00007ff6a1169fff 0x0000/0x0002 0x0040000 1a18.fa0: *00007ff6a1360000-00007ff6a132cfff 0x0002/0x0002 0x0040000 1a18.fa0: 00007ff6a1393000-00007ff6a138efff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff6a1397000-00007ff6a1395fff 0x0004/0x0004 0x0020000 1a18.fa0: 00007ff6a1398000-00007ff6a1391fff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff6a139e000-00007ff6a139bfff 0x0004/0x0004 0x0020000 1a18.fa0: 00007ff6a13a0000-00007ff6a08cffff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff6a1e70000-00007ff6a1e6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1a18.fa0: 00007ff6a1e71000-00007ff6a1df0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1a18.fa0: 00007ff6a1ef1000-00007ff6a1eb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1a18.fa0: 00007ff6a1f28000-00007ff6a1f1efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1a18.fa0: 00007ff6a1f31000-00007ff6a1ef7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1a18.fa0: 00007ff6a1f6a000-00007ff4391d3fff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff90ad00000-00007ff90acfefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1a18.fa0: 00007ff90ad01000-00007ff90ac13fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1a18.fa0: 00007ff90adee000-00007ff90adeafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1a18.fa0: 00007ff90adf1000-00007ff90adeffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1a18.fa0: 00007ff90adf2000-00007ff90add4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1a18.fa0: 00007ff90ae0f000-00007ff9084cdfff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff90d750000-00007ff90d74efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: 00007ff90d751000-00007ff90d63dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: 00007ff90d864000-00007ff90d862fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: 00007ff90d865000-00007ff90d863fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: 00007ff90d866000-00007ff90d841fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: 00007ff90d88a000-00007ff90d873fff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff90d8a0000-00007ff90d89efff 0x0004/0x0004 0x0020000 1a18.fa0: 00007ff90d8a1000-00007ff90d891fff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ff90d8b0000-00007ff90d8aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90d8b1000-00007ff90d78bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90d9d6000-00007ff90d9ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90d9df000-00007ff90d9d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90d9ed000-00007ff90d9ebfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90d9ee000-00007ff90d985fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1a18.fa0: 00007ff90da56000-00007ff21b4cbfff 0x0001/0x0000 0x0000000 1a18.fa0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 1a18.fa0: SUPR3HardenedMain: Final process, opening VBoxDrv... 1a18.fa0: supR3HardNtEnableThreadCreation: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000000801: 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fea10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fea10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fea10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=0000000000000801: 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\system32\Wintrust.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\Windows\system32\kernel32.dll' [rcNt=0xc0150008] 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d750000 'C:\Windows\system32\kernel32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\CRYPT32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntasn1.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntasn1.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntasn1.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ab10000 'C:\Windows\system32\bcryptprimitives.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\system32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\System32\cryptnet.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F4DBD57735AA8D272712E3B59634C9F87BD4711 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=rpcrt4.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'rpcrt4.dll' -> 'C:\Windows\system32\rpcrt4.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b7f0000 'C:\Windows\system32\rpcrt4.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_58_for_KB2984006~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\SystemRoot\System32\ntdll.dll' 1a18.fa0: g_pfnWinVerifyTrust=00007ff90b041040 1a18.fa0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' 1a18.fa0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000370 pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A08496AE026B14E832621417F248DDCAECD22079 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB2984006~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\Device\HarddiskVolume3\Windows\System32\Wldap32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000036c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0315578F0B76A9760FEA2715053C51E46A277B04 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000801: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x6e1ee6086d95d900 CN=Dennis5 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x75a2ccecb8259a00 C=TW, O=Government Root Certification Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 1a18.fa0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 1a18.fa0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=45 1a18.fa0: SUPR3HardenedMain: Load Runtime... 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000a01: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\nsi.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dfdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=0000000000000801: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\system32\Wintrust.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000801: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: SUPR3HardenedMain: Load TrustedMain... 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll *pfFlags=0x0 pwszSearchPath=0000000000000a01: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D07100D567670EB6C18EAD4F8F1561AE4F40E0A5 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\devobj.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_546_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ddraw.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' 1a18.fa0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msctf.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' 1a18.fa0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust] 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7B21317A30D467EC23A2D5AE5A00919E81ECF45 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll [avoiding WinVerifyTrust] 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust] 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust] 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust] 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll [avoiding WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B6F85C85728A0522988F3BA15B32993C5E6F65A 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume3\Windows\System32\dciman32.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F7054D7E2435C8185055FC10D72A003A1DA9E42A 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\dciman32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume3\Windows\System32\winspool.drv 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=301C08682DA17C67E9303CDB8A53D6714879AAB6 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_458_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume3\Windows\System32\winspool.drv' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000534 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E2A9E0BA990B5B324512157B6832A46A7F5FC7E 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume3\Windows\System32\ddraw.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31DF65C62254C7AE52D40C6878D7F8B35E0367A8 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\ddraw.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume3\Windows\System32\comctl32.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B6F85C85728A0522988F3BA15B32993C5E6F65A 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\comctl32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\devobj.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=imm32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'imm32.dll' -> 'C:\Windows\system32\imm32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b200000 'C:\Windows\system32\imm32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8df530000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 1a18.fa0: SUPR3HardenedMain: Calling TrustedMain (00007ff8df531ca0)... 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909050000 'C:\Windows\system32\winmm.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005bc pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4235D21C52BC6FC9D5B6A7B3CE61ED85F804B2B7 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2550_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909940000 'C:\Windows\system32\uxtheme.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909940000 'C:\Windows\system32\uxtheme.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909940000 'C:\Windows\system32\uxtheme.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909940000 'C:\Windows\system32\uxtheme.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d750000 'C:\Windows\system32\kernel32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909940000 'C:\Windows\system32\uxtheme.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909940000 'C:\Windows\system32\uxtheme.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 2 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b5a0000 'C:\Windows\system32\user32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909940000 'C:\Windows\system32\uxtheme.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b5a0000 'C:\Windows\system32\user32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b430000 'C:\Windows\system32\advapi32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a2a0000 'C:\Windows\system32\userenv.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d750000 'C:\Windows\system32\kernel32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b4e0000 'C:\Windows\System32\oleaut32.dll' 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sxs.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sxs.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000690 pwszName=\Device\HarddiskVolume3\Windows\System32\sxs.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=687F47861CE02066FB64E8228B3C4D091FA20854 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume3\Windows\System32\sxs.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sxs.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=OLEAUT32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b4e0000 'C:\Windows\system32\OLEAUT32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 2 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d310000 'C:\Windows\system32\gdi32.dll' 1a18.af8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.af8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.af8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.af8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1a18.af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1a18.af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1a18.af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 1a18.af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 1a18.af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 1a18.af8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust 1a18.af8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' 1a18.af8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' 1a18.af8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.af8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.af8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.af8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' 1a18.af8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.af8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.af8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 1a18.af8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8df040000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b5a0000 'C:\Windows\system32\user32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b2b0000 'C:\Windows\system32\ole32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ba40000 'C:\Windows\system32\MSCTF.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=ole32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'ole32.dll' -> 'C:\Windows\system32\ole32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b2b0000 'C:\Windows\system32\ole32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.dll' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b4e0000 'C:\Windows\system32\OLEAUT32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a3c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7236FDED02E3449B6CA92FB6E4246EBF9068E8BF 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_110_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a58 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8CF4605B4B026F3426876C8B971F3B65D680FCA 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ad00000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff905470000 'C:\Windows\system32\wbem\wbemprox.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a5c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAF9F72D1022230646E0EDB101D9050122FBB222 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_110_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff900c90000 'C:\Windows\system32\wbem\wbemsvc.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ad00000 'api-ms-win-core-localization-l1-2-0.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ad00000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab8 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F29F8F4F858A7AFDF4CD047A78948C26E8333B6 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff900cf0000 'C:\Windows\system32\wbem\fastprox.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.dll' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b4e0000 'C:\Windows\system32\OLEAUT32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comctl32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b090000 'C:\Windows\system32\comctl32.dll' 1a18.1b4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.1b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 1a18.1b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1a18.1b4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust 1a18.1b4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.1b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' 1a18.1b4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 1a18.1b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1a18.1b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 1a18.1b4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust 1a18.1b4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.1b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.1b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' 1a18.1b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.1b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.1b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.1b4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1a18.1b4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll 1a18.1b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8de830000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.cc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.cc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.cc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.cc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.cc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.cc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.cc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.cc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.cc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1a18.cc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1a18.cc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1a18.cc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust 1a18.cc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 1a18.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.cc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.cc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1a18.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' 1a18.cc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1a18.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.cc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.cc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 1a18.cc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909070000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' 1a18.1be8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1be8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1be8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1be8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1be8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1be8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1be8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1be8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.1be8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1a18.1be8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust 1a18.1be8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 1a18.1be8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.1be8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.1be8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.1be8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.1be8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.1be8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.1be8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 1a18.1be8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8feb40000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll)WinVerifyTrust 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll)WinVerifyTrust 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' 1a18.430: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)WinVerifyTrust 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll 1a18.430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust] 1a18.430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8def10000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-version-l1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ad00000 'api-ms-win-core-version-l1-1-0.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\napinsp.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b4c pwszName=\Device\HarddiskVolume3\Windows\System32\NapiNSP.dll 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8548279B14A30E4824262EB33D657E95344DC 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-net~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\NapiNSP.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NapiNSP.dll)WinVerifyTrust 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NapiNSP.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NapiNSP.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9011c0000 'C:\Windows\system32\napinsp.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\pnrpnsp.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bec pwszName=\Device\HarddiskVolume3\Windows\System32\pnrpnsp.dll 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=941AFC268B172F15EE3A4722BA2DBB9E79DAFE82 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PeerToPeer-Full-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\pnrpnsp.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\pnrpnsp.dll)WinVerifyTrust 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\pnrpnsp.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\pnrpnsp.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9011e0000 'C:\Windows\system32\pnrpnsp.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\pnrpnsp.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\pnrpnsp.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9011e0000 'C:\Windows\system32\pnrpnsp.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NLAapi.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c40 pwszName=\Device\HarddiskVolume3\Windows\System32\nlaapi.dll 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F21E64793E06E1BA9D416644C4FCD2C96CCA671 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-net~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\nlaapi.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nlaapi.dll)WinVerifyTrust 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nlaapi.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nlaapi.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff906a70000 'C:\Windows\system32\NLAapi.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\mswsock.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c58 pwszName=\Device\HarddiskVolume3\Windows\System32\mswsock.dll 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C64ACDC3BD0BFFE24C87951473EBAE5CBEDAA02F 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-Minio-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\mswsock.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll)WinVerifyTrust 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a4f0000 'C:\Windows\System32\mswsock.dll' 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'ws2_32.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'nsi.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll) 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c48 pwszName=\Device\HarddiskVolume3\Windows\System32\dnsapi.dll 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=91348AB3DF193F9E876E8AABB42B2044FE3BC4F5 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_180_for_KB2934018~31bf3856ad364e35~amd64~~6.3.1.5.cat'; file='\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winrnr.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c88 pwszName=\Device\HarddiskVolume3\Windows\System32\winrnr.dll 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=302A56FC9F5DB19D5C8FFEFA3A432A33F3373816 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-ds~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\winrnr.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winrnr.dll)WinVerifyTrust 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winrnr.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winrnr.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff901230000 'C:\Windows\System32\winrnr.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f4750000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll)WinVerifyTrust 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f4730000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/opengl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd9c0000 'C:\Windows\system32/opengl32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=OPENGL32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'OPENGL32' -> 'C:\Windows\system32\OPENGL32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd9c0000 'C:\Windows\system32\OPENGL32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=gdi32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'gdi32' -> 'C:\Windows\system32\gdi32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d310000 'C:\Windows\system32\gdi32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=ig75icd64.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'ig75icd64.dll' -> 'C:\Windows\system32\ig75icd64.dll' [rcNt=0xc0150008] 1a18.430: \Device\HarddiskVolume3\Windows\System32\ig75icd64.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) 1a18.430: \Device\HarddiskVolume3\Windows\System32\ig75icd64.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb0 pwszName=\Device\HarddiskVolume3\Windows\System32\ig75icd64.dll 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1DD7E3D4C7A1EE338A9B5B74131C3F022996A68C 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem51.cat'; file='\Device\HarddiskVolume3\Windows\System32\ig75icd64.dll' 1a18.430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'igdusc64.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'dwmapi.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ig75icd64.dll)WinVerifyTrust 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ig75icd64.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'igdusc64.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'igdusc64.dll' -> '\Device\HarddiskVolume3\Windows\System32\igdusc64.dll' 1a18.430: \Device\HarddiskVolume3\Windows\System32\igdusc64.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) 1a18.430: \Device\HarddiskVolume3\Windows\System32\igdusc64.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume3\Windows\System32\igdusc64.dll' 1a18.430: supHardenedWinVerifyImageByHandle: -> -22919 (\Device\HarddiskVolume3\Windows\System32\igdusc64.dll)WinVerifyTrust 1a18.430: Error (rc=0): 1a18.430: supR3HardenedScreenImage/Imports: rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\igdusc64.dll: WinVerifyTrust failed with hrc=CERT_E_CHAINING on '\Device\HarddiskVolume3\Windows\System32\igdusc64.dll' 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ig75icd64.dll 1a18.430: \Device\HarddiskVolume3\Windows\System32\igdusc64.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) 1a18.430: \Device\HarddiskVolume3\Windows\System32\igdusc64.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\igdusc64.dll) 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\igdusc64.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dc0a0000 'C:\Windows\system32\ig75icd64.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume3\Windows\System32\igdusc64.dll' 1a18.430: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\igdusc64.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=gdi32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'gdi32' -> 'C:\Windows\system32\gdi32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d310000 'C:\Windows\system32\gdi32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=gdi32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'gdi32.dll' -> 'C:\Windows\system32\gdi32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d310000 'C:\Windows\system32\gdi32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=OPENGL32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'OPENGL32' -> 'C:\Windows\system32\OPENGL32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd9c0000 'C:\Windows\system32\OPENGL32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=OPENGL32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'OPENGL32' -> 'C:\Windows\system32\OPENGL32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd9c0000 'C:\Windows\system32\OPENGL32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=OPENGL32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'OPENGL32' -> 'C:\Windows\system32\OPENGL32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd9c0000 'C:\Windows\system32\OPENGL32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=OPENGL32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'OPENGL32' -> 'C:\Windows\system32\OPENGL32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd9c0000 'C:\Windows\system32\OPENGL32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=OPENGL32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'OPENGL32' -> 'C:\Windows\system32\OPENGL32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd9c0000 'C:\Windows\system32\OPENGL32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=OPENGL32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'OPENGL32' -> 'C:\Windows\system32\OPENGL32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd9c0000 'C:\Windows\system32\OPENGL32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=OPENGL32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'OPENGL32' -> 'C:\Windows\system32\OPENGL32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd9c0000 'C:\Windows\system32\OPENGL32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=version.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'version.dll' -> 'C:\Windows\system32\version.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll)WinVerifyTrust 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e80000 'C:\Windows\system32\version.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=OPENGL32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'OPENGL32' -> 'C:\Windows\system32\OPENGL32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd9c0000 'C:\Windows\system32\OPENGL32.dll' 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 1a18.430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) 1a18.430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll 1a18.208: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.208: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.208: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.208: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.208: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.208: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.208: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' 1a18.208: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.208: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.208: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.208: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.208: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1a18.208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1a18.208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust 1a18.208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 1a18.208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.208: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1a18.208: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' 1a18.208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 1a18.208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.208: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.208: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 1a18.208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe130000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' 1a18.37c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.37c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.37c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.37c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.37c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.37c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.37c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.37c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.37c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1a18.37c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1a18.37c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust 1a18.37c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 1a18.37c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.37c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.37c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.37c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1a18.37c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' 1a18.37c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 1a18.37c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.37c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.37c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.37c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 1a18.37c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8310000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 1a18.1b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust 1a18.1b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'. 1a18.1b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust 1a18.1b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' 1a18.1b9c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. 1a18.1b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) 1a18.1b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 1a18.1b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll)WinVerifyTrust 1a18.1b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1a18.1b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust 1a18.1b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 1a18.1b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust 1a18.1b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume3\Windows\System32\newdev.dll' 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e28 pwszName=\Device\HarddiskVolume3\Windows\System32\newdev.dll 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EAD431E57FCC787ED701559E9AF2ACC33D2DCED0 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1722_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume3\Windows\System32\newdev.dll' 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'. 1a18.1b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\newdev.dll)WinVerifyTrust 1a18.1b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\newdev.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.1b9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll 1a18.1b9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll 1a18.1b9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 1a18.1b9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 1a18.1b9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\newdev.dll 1a18.1b9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust] 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.1b9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll) 1a18.1b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db7e0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL' 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e10 pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6059B260D211680DF083154CCCE38DE8412914CF 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-Base-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll' 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.1b9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\devrtl.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.1b9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8df040000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f46f0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.121c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.121c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.121c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.121c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.121c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.121c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.121c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.121c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1a18.121c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1a18.121c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1a18.121c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust 1a18.121c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 1a18.121c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1a18.121c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' 1a18.121c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 1a18.121c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1a18.121c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' 1a18.121c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1a18.121c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1a18.121c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 1a18.121c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 1a18.121c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 1a18.121c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8170000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff906210000 'C:\Windows\system32/Iphlpapi.dll' 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 1a18.1b9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll) 1a18.1b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 1a18.1b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'. 1a18.1b9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll) 1a18.1b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f40 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E8A5C503120A11AEA21658FF24E56CA6FD0F29 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.1b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.1b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_198_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll' 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.1b9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll' 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e80 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F1462D922EF889F4B0A9FD14B2DFE30CDCB183D5 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_198_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll' 1a18.1b9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.1b9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll' 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.1b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1a18.1b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d750000 'C:\Windows\system32/kernel32.dll' 1a18.aa4: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports 1a18.aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll) 1a18.aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll 1a18.aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust] 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000718 pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C2912B1AF73A6796732D1488D75007F742A3299 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-Base-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\WINMM.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909050000 'C:\Windows\SYSTEM32\WINMM.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b5a0000 'C:\Windows\system32\user32.dll' 1a18.aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll 1a18.aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a4f0000 'C:\Windows\system32\mswsock.dll' 1a18.aa4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-version-l1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ad00000 'api-ms-win-core-version-l1-1-0.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909940000 'C:\Windows\system32/uxtheme.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b040000 'C:\Windows\System32\WINTRUST.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll *pfFlags=0x2 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\CRYPT32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'combase.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9055c0000 'C:\Windows\system32\propsys.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001160 pwszName=\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5390073B6380AD5C6C8BDA60984E68C77A19C6FF 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2551_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9082b0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9082b0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'combase.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\System32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\System32\shell32.dll' 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011a0 pwszName=\Device\HarddiskVolume3\Windows\System32\apphelp.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B4C95513642E818E61368D055E77885237B5EC1E 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1722_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume3\Windows\System32\apphelp.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: \Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) 1a18.fa0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL) 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL'. 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL': rcNt=0xc0000190 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: \Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) 1a18.fa0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL) 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL'. 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL': rcNt=0xc0000190 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: \Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) 1a18.fa0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL) 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL'. 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL': rcNt=0xc0000190 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: \Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 ac 0c e3 60 a3 a2 97 e3 45 53 34 19 e9 03 00 00) 1a18.fa0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: \Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 ac 0c e3 60 a3 a2 97 e3 45 53 34 19 e9 03 00 00) 1a18.fa0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: \Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 ac 0c e3 60 a3 a2 97 e3 45 53 34 19 e9 03 00 00) 1a18.fa0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: \Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 ac 0c e3 60 a3 a2 97 e3 45 53 34 19 e9 03 00 00) 1a18.fa0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. 1a18.fa0: Error (rc=0): 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\hkden_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011a8 pwszName=\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C111F1DA8BF20C35EDD63783C5A20BD7DD10D4D1 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-drivers~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comctl32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8feb50000 'C:\Windows\System32\EhStorShell.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8feb50000 'C:\Windows\System32\EhStorShell.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Google\Drive\googledrivesync64.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904a40000 'C:\Windows\System32\cryptnet.dll' 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'psapi.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcp90.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr90.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcr90.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp90.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcp90.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\psapi.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\psapi.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\psapi.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr90.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcp90.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcp90.dll 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcr90.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcr90.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8b00000 'C:\Program Files (x86)\Google\Drive\googledrivesync64.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr90.dll' -> '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcr90.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcr90.dll [lacks WinVerifyTrust] 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcr90.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcp90.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Google\Drive\googledrivesync64.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8b00000 'C:\Program Files (x86)\Google\Drive\googledrivesync64.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Google\Drive\googledrivesync64.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8b00000 'C:\Program Files (x86)\Google\Drive\googledrivesync64.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Google\Drive\googledrivesync64.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8b00000 'C:\Program Files (x86)\Google\Drive\googledrivesync64.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Google\Drive\googledrivesync64.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8b00000 'C:\Program Files (x86)\Google\Drive\googledrivesync64.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Google\Drive\googledrivesync64.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8b00000 'C:\Program Files (x86)\Google\Drive\googledrivesync64.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscui.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011ec pwszName=\Device\HarddiskVolume3\Windows\System32\cscui.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D2FC784920E1F6BF3C4923F486D515E2F9CCA3C 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_191_for_KB2967917~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\cscui.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'propsys.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'cscdll.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cscui.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cscui.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cscdll.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cscdll.dll' -> '\Device\HarddiskVolume3\Windows\System32\cscdll.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011b4 pwszName=\Device\HarddiskVolume3\Windows\System32\cscdll.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C7C19FE4B9E02E438BDDAD0079F101A7B3C792A7 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\cscdll.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cscdll.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cscdll.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscui.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscdll.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9082b0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd810000 'C:\Windows\System32\cscui.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscui.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscui.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd810000 'C:\Windows\System32\cscui.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mssprxy.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001228 pwszName=\Device\HarddiskVolume3\Windows\System32\mssprxy.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=53EB47F5A8988B3B2527DFE62F7F802B3B634D23 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5584_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume3\Windows\System32\mssprxy.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'combase.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mssprxy.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mssprxy.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mssprxy.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f1540000 'C:\Windows\system32\mssprxy.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\System32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001240 pwszName=\Device\HarddiskVolume3\Windows\System32\thumbcache.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F8A71C810C28D08DA8231226ACEB9802D8F7DC0D 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2555_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume3\Windows\System32\thumbcache.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'shcore.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'user32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'shell32.dll'. 1a18.fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'propsys.dll'. 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\thumbcache.dll)WinVerifyTrust 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\thumbcache.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1a18.fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 1a18.fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9082b0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff906260000 'C:\Windows\System32\thumbcache.dll' 1a18.fa0: '\Device\HarddiskVolume3\Windows\System32\imageres.dll' has no imports 1a18.fa0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imageres.dll) 1a18.fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imageres.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001258 pwszName=\Device\HarddiskVolume3\Windows\System32\imageres.dll 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b9b990 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7467EB099B57A749CBEA853CF14DF9A93862B832 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a190000 'C:\Windows\system32\rsaenh.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae10000 'C:\Windows\system32\crypt32.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\imageres.dll' 1a18.fa0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1a18.fa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imageres.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windowscodecs.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff907330000 'C:\Windows\system32\windowscodecs.dll' 1a18.fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imageres.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=OLEAUT32.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.DLL' -> 'C:\Windows\system32\OLEAUT32.DLL' [rcNt=0xc0150008] 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b4e0000 'C:\Windows\system32\OLEAUT32.DLL' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ba40000 'C:\Windows\system32\msctf.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll *pfFlags=0x0 pwszSearchPath=0000000000000009: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ba40000 'C:\Windows\system32\msctf.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 1a18.fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bf00000 'C:\Windows\system32\shell32.dll' 1a18.430: supR3HardenedMonitor_LdrLoadDll: pName=OPENGL32 *pfFlags=0x0 pwszSearchPath=0000000000000001: 1a18.430: supR3HardenedMonitor_LdrLoadDll: 'OPENGL32' -> 'C:\Windows\system32\OPENGL32.dll' [rcNt=0xc0150008] 1a18.430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 1a18.430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd9c0000 'C:\Windows\system32\OPENGL32.dll' 1a18.fa0: Terminating the normal way: rcExit=0 1bb0.1900: supR3HardenedWinDoReSpawn(2): Quitting: ExitCode=0x0 rcNt=0x0 19d0.19d8: supR3HardenedWinDoReSpawn(1): Quitting: ExitCode=0x0 rcNt=0x0